Windows Analysis Report
AYoF5MX6wK.exe

Overview

General Information

Sample name: AYoF5MX6wK.exe (renamed because original name is a hash value)
Original sample name: 8702696887f8dd78d3d9df8b7335f4cc03e541774630b77ecd84b72d57da234f.exe
Analysis ID: 1554997
MD5: 5df362988683370bcca17fbaf194632a
SHA1: 0bc2030d02e19b1d0a1d9d2a4a410169c9485ce8
SHA256: 8702696887f8dd78d3d9df8b7335f4cc03e541774630b77ecd84b72d57da234f
Tags: ConsolHQLTD, exe, user-JAMESWT_MHT

Detection

STRRAT
Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected STRRAT
Connects to a pastebin service (likely for C&C)
Creates autostart registry keys to launch java
Found API chain indicative of debugger detection
Found suspicious ZIP file
Query firmware table information (likely to detect VMs)
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after checking a module file name)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • AYoF5MX6wK.exe (PID: 7420 cmdline: "C:\Users\user\Desktop\AYoF5MX6wK.exe" MD5: 5DF362988683370BCCA17FBAF194632A)
    • msiexec.exe (PID: 7624 cmdline: "C:\Windows\system32\msiexec.exe" /i "C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\Installer.msi" AI_SETUPEXEPATH=C:\Users\user\Desktop\AYoF5MX6wK.exe SETUPEXEDIR=C:\Users\user\Desktop\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1731488893 " AI_EUIMSI="" MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • msiexec.exe (PID: 7500 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 7572 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 4A09D0C8A03EE2C01F2A2C2083C77C40 C MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 7672 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding A5A3283E70335C9FCC40AE3FEC98782E MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • run-file.exe (PID: 8116 cmdline: "C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\run-file.exe" MD5: C9C4AC12004CC6B946CB7D49B5EB5EE5)
      • javaw.exe (PID: 8132 cmdline: "C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\asm-all.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;lib\jphp-xml-ext.jar;lib\jphp-zend-ext.jar;lib\jphp-zip-ext.jar;lib\slf4j-api.jar;lib\slf4j-simple.jar;lib\zt-zip.jar" org.develnext.jphp.ext.javafx.FXLauncher MD5: 48C96771106DBDD5D42BBA3772E4B414)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Process Memory Space: javaw.exe PID: 8132 | JoeSecurity_STRRAT | Yara detected STRRAT | Joe Security |
    No Sigma rule has matched
    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
    2024-11-13T10:11:27.179124+0100 | 2022930 | 1 | A Network Trojan was detected | 20.109.210.53 | 443 | 192.168.2.4 | 49730 | TCP
    2024-11-13T10:12:06.538271+0100 | 2022930 | 1 | A Network Trojan was detected | 20.109.210.53 | 443 | 192.168.2.4 | 49763 | TCP

    Source: AYoF5MX6wK.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe | File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\README.txt
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe | File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe | File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\THIRDPARTYLICENSEREADME.txt
    Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\README.txt
    Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt
    Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\THIRDPARTYLICENSEREADME.txt
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe | File opened: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\msvcr100.dll
    Source: unknown | HTTPS traffic detected: 104.20.3.235:443 -> 192.168.2.4:49736 version: TLS 1.2
    Source: AYoF5MX6wK.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
    Source: C:\Windows\SysWOW64\msiexec.exe | File opened: z:, x:, v:, t:, r:, p:, n:, l:, j:, h:, f:, b:, y:, w:, u:, s:, q:, o:, m:, k:, i:, g:, e:, c:, a:
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe | Code function: 9_2_0079A3A5 __getdrive, FindFirstFileExA, __wfullpath_helper, _strlen, _IsRootUNCName, GetDriveTypeA, _free, ___loctotime64_t, _free, __wsopen_s, __fstat64i32, __close, FileTimeToLocalFileTime, FileTimeToSystemTime, ___loctotime64_t, FileTimeToLocalFileTime, FileTimeToSystemTime, ___loctotime64_t, FileTimeToLocalFileTime, FileTimeToSystemTime, ___loctotime64_t, FindClose, ___dtoxmode, GetLastError, __dosmaperr, FindClose
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe | Code function: 9_2_00795225 FindFirstFileA, FindNextFileA, _strlen, _strlen, _strlen, _memmove, _memmove, FindClose

    Networking

    Source: unknown | DNS query: name: pastebin.com
    Source: Joe Sandbox View | IP Address: 104.20.3.235
    Source: Joe Sandbox View | JA3 fingerprint: 2db6873021f2a95daa7de0d93a1d1bf2
    Source: Network traffic | Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.109.210.53:443 -> 192.168.2.4:49730
    Source: Network traffic | Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.109.210.53:443 -> 192.168.2.4:49763
    Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: AYoF5MX6wK.exe | String found in binary or memory: RShlwapi.dllShell32.dllmsiexec.exebinJavaHomeSoftware\JavaSoft\Java Development Kit\Software\JavaSoft\Java Runtime Environment\FlashWindowExFlashWindowKernel32.dllGetPackagePathhttp://www.example.comTESThttp://www.google.comhttp://www.yahoo.comtin9999.tmp.part= "GETattachmentDLD123filenamecharsetutf-16ISO-8859-1POSTutf-8Local Network ServerFTP ServerUS-ASCIIAdvancedInstallerRange: bytes=%u- equals www.yahoo.com (Yahoo)
    Source: AYoF5MX6wK.exe, 00000000.00000000.1741563710.0000000000CF8000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: Shlwapi.dllShell32.dllmsiexec.exebinJavaHomeSoftware\JavaSoft\Java Development Kit\Software\JavaSoft\Java Runtime Environment\FlashWindowExFlashWindowKernel32.dllGetPackagePathhttp://www.example.comTESThttp://www.google.comhttp://www.yahoo.comtin9999.tmp.part= "GETattachmentDLD123filenamecharsetutf-16ISO-8859-1POSTutf-8Local Network ServerFTP ServerUS-ASCIIAdvancedInstallerRange: bytes=%u- equals www.yahoo.com (Yahoo)
    Source: global traffic | DNS traffic detected: DNS query: pastebin.com
    Source: javaw.exe, 00000009.00000002.2122107417.00000000158B1000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/datatype-validator-factory
    Source: javaw.exe, 00000009.00000002.2122107417.00000000158B1000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/document-scanner
    Source: javaw.exe, 00000009.00000002.2122107417.00000000158B1000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/dtd-processor
    Source: javaw.exe, 00000009.00000002.2122107417.00000000158B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/dtd-processor7
    Source: javaw.exe, 00000009.00000002.2122107417.00000000158B1000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/dtd-scanner
    Source: javaw.exe, 00000009.00000002.2122107417.00000000158B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/dtd-scanner7
    Source: javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/entity-manager
    Source: javaw.exe, 00000009.00000002.2122107417.00000000158B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/entity-manager:
    Source: javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/entity-resolver
    Source: javaw.exe, 00000009.00000002.2122107417.00000000158B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/entity-resolverh
    Source: javaw.exe, 00000009.00000002.2122107417.00000000158B1000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/error-handler
    Source: javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/error-reporter
    Source: javaw.exe, 00000009.00000002.2122107417.00000000158B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/error-reporter8
    Source: javaw.exe, 00000009.00000002.2122107417.00000000158B1000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/grammar-pool
    Source: javaw.exe, 00000009.00000002.2122107417.00000000158B1000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/namespace-binder
    Source: javaw.exe, 00000009.00000002.2122107417.00000000158B1000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/namespace-context
    Source: javaw.exe, 00000009.00000002.2122107417.00000000158B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/namespace-context8
    Source: javaw.exe, 00000009.00000002.2121264433.0000000015110000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/stax-entity-resolver
    Source: javaw.exe, 00000009.00000002.2121264433.0000000015110000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/stax-entity-resolver5
    Source: javaw.exe, 00000009.00000002.2122107417.00000000158B1000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/symbol-table
    Source: javaw.exe, 00000009.00000002.2122107417.00000000158B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/symbol-table6
    Source: javaw.exe, 00000009.00000002.2122107417.00000000158B1000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/validation-manager
    Source: javaw.exe, 00000009.00000002.2122107417.00000000158B1000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/validation/schema/dv-factory
    Source: javaw.exe, 00000009.00000002.2122107417.00000000158B1000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/validator/dtd
    Source: javaw.exe, 00000009.00000002.2122107417.00000000158B1000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/validator/schema
    Source: javaw.exe, 00000009.00000002.2122107417.00000000158B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/validator/schemaP6
    Source: javaw.exe, 00000009.00000002.2122107417.00000000158B1000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/internal/xinclude-handler
    Source: javaw.exe, 00000009.00000002.2122107417.00000000158B1000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/locale
    Source: javaw.exe, 00000009.00000002.2122107417.00000000158B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/localeF
    Source: javaw.exe, 00000009.00000002.2122107417.00000000158B1000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation
    Source: javaw.exe, 00000009.00000002.2122107417.00000000158B1000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/schema/external-schemaLocation
    Source: javaw.exe, 00000009.00000002.2122107417.00000000158B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/schema/external-schemaLocationJ
    Source: javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/security-manager
    Source: javaw.exe, 00000009.00000002.2121264433.0000000015256000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/properties/security-managerh
    Source: resources.jar.1.drString found in binary or memory: http://apache.org/xml/properties/xpointer-schema
    Source: resources.jar.1.drString found in binary or memory: http://apache.org/xml/properties/xpointer-schema.
    Source: javaw.exe, 00000009.00000002.2121264433.0000000015161000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/xmlschema/1.0/anonymousTypes
    Source: javaw.exe, 00000009.00000002.2121264433.0000000015161000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apache.org/xml/xmlschema/1.0/anonymousTypesD
    Source: javaw.exe, 00000009.00000002.2118361019.000000000A501000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://asm.objectweb.org
    Source: javaw.exe, 00000009.00000002.2127997238.000000006F823000.00000002.00000001.01000000.0000000E.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A212000.00000004.00001000.00020000.00000000.sdmp, java.dll.0.drString found in binary or memory: http://bugreport.sun.com/bugreport/
    Source: javaw.exe, 00000009.00000002.2127997238.000000006F823000.00000002.00000001.01000000.0000000E.sdmp, java.dll.0.drString found in binary or memory: http://bugreport.sun.com/bugreport/java.vendor.url.bughttp://java.oracle.com/java.vendor.urljava.ven
    Source: AYoF5MX6wK.exe, 00000000.00000003.1777347912.0000000004045000.00000004.00001000.00020000.00000000.sdmp, AYoF5MX6wK.exe, 00000000.00000003.1935779407.0000000003E17000.00000004.00000020.00020000.00000000.sdmp, AYoF5MX6wK.exe, 00000000.00000003.1777347912.0000000003EF0000.00000004.00001000.00020000.00000000.sdmp, MSIFD80.tmp.1.dr, MSIFE0E.tmp.1.dr, MSIFAA2.tmp.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
    Source: AYoF5MX6wK.exe, 00000000.00000003.1777347912.0000000004045000.00000004.00001000.00020000.00000000.sdmp, AYoF5MX6wK.exe, 00000000.00000003.1935779407.0000000003E17000.00000004.00000020.00020000.00000000.sdmp, AYoF5MX6wK.exe, 00000000.00000003.1777347912.0000000003EF0000.00000004.00001000.00020000.00000000.sdmp, MSIFD80.tmp.1.dr, MSIFE0E.tmp.1.dr, MSIFAA2.tmp.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
    Source: javaw.exe, 00000009.00000002.2118361019.000000000AB8F000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000AA89000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html
    Source: javaw.exe, 00000009.00000002.2118361019.000000000AB8F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html0
    Source: javaw.exe, 00000009.00000002.2118361019.000000000AB8F000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000AA89000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.chambersign.org/chambersroot.crl
    Source: javaw.exe, 00000009.00000002.2118361019.000000000AB8F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.chambersign.org/chambersroot.crl#
    Source: javaw.exe, 00000009.00000002.2118361019.000000000AB8F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.chambersign.org/chambersroot.crl0
    Source: javaw.exe, 00000009.00000002.2118361019.000000000AB8F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.chambersign.org/chambersroot.crlc
    Source: javaw.exe, 00000009.00000002.2118361019.000000000AB8F000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000AA89000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl
    Source: javaw.exe, 00000009.00000002.2118361019.000000000AB8F000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000AA89000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
    Source: javaw.exe, 00000009.00000002.2118361019.000000000AB8F000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000AA89000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl
    Source: javaw.exe, 00000009.00000002.2118361019.000000000AB8F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
    Source: javaw.exe, 00000009.00000002.2118361019.000000000AB8F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl;
    Source: javaw.exe, 00000009.00000002.2118361019.000000000AA89000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl
    Source: javaw.exe, 00000009.00000002.2118361019.000000000A9BA000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
    Source: fxplugins.dll.0.dr, javafx_iio.dll.0.dr, java.dll.0.dr, dt_shmem.dll.1.dr, klist.exe.1.dr, t2k.dll.0.dr, jp2ssv.dll.1.dr, JavaAccessBridge-32.dll.1.dr, resource.dll.1.dr, bci.dll.0.dr, lcms.dll.0.dr, tnameserv.exe.0.dr, rmiregistry.exe.1.dr, verify.dll.1.dr, JavaAccessBridge-32.dll.0.dr, jfxmedia.dll.0.dr, javafx_iio.dll.1.dr, jjs.exe.1.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
    Source: javaw.exe, 00000009.00000002.2118361019.000000000AB8F000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000AA89000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
    Source: javaw.exe, 00000009.00000002.2118361019.000000000AB8F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
    Source: AYoF5MX6wK.exe, 00000000.00000003.1777347912.0000000004045000.00000004.00001000.00020000.00000000.sdmp, AYoF5MX6wK.exe, 00000000.00000003.1935779407.0000000003E17000.00000004.00000020.00020000.00000000.sdmp, AYoF5MX6wK.exe, 00000000.00000003.1777347912.0000000003EF0000.00000004.00001000.00020000.00000000.sdmp, MSIFD80.tmp.1.dr, MSIFE0E.tmp.1.dr, MSIFAA2.tmp.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
    Source: AYoF5MX6wK.exe, 00000000.00000003.1777347912.0000000004045000.00000004.00001000.00020000.00000000.sdmp, AYoF5MX6wK.exe, 00000000.00000003.1935779407.0000000003E17000.00000004.00000020.00020000.00000000.sdmp, AYoF5MX6wK.exe, 00000000.00000003.1777347912.0000000003EF0000.00000004.00001000.00020000.00000000.sdmp, MSIFD80.tmp.1.dr, MSIFE0E.tmp.1.dr, MSIFAA2.tmp.0.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
    Source: AYoF5MX6wK.exe, 00000000.00000003.1777347912.0000000004045000.00000004.00001000.00020000.00000000.sdmp, AYoF5MX6wK.exe, 00000000.00000003.1935779407.0000000003E17000.00000004.00000020.00020000.00000000.sdmp, AYoF5MX6wK.exe, 00000000.00000003.1777347912.0000000003EF0000.00000004.00001000.00020000.00000000.sdmp, MSIFD80.tmp.1.dr, MSIFE0E.tmp.1.dr, MSIFAA2.tmp.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
    Source: AYoF5MX6wK.exe, 00000000.00000003.1777347912.0000000004045000.00000004.00001000.00020000.00000000.sdmp, AYoF5MX6wK.exe, 00000000.00000003.1935779407.0000000003E17000.00000004.00000020.00020000.00000000.sdmp, AYoF5MX6wK.exe, 00000000.00000003.1777347912.0000000003EF0000.00000004.00001000.00020000.00000000.sdmp, MSIFD80.tmp.1.dr, MSIFE0E.tmp.1.dr, MSIFAA2.tmp.0.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
    Source: AYoF5MX6wK.exe, 00000000.00000003.1777347912.0000000003EF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/
    Source: javaw.exe, 00000009.00000002.2127997238.000000006F823000.00000002.00000001.01000000.0000000E.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A217000.00000004.00001000.00020000.00000000.sdmp, java.dll.0.drString found in binary or memory: http://java.oracle.com/
    Source: resources.jar.1.drString found in binary or memory: http://java.sun.com/j2se/1.6.0/docs/guide/standards/
    Source: resources.jar.1.drString found in binary or memory: http://java.sun.com/j2se/1.6.0/docs/guide/standards/)
    Source: resources.jar.1.drString found in binary or memory: http://java.sun.com/j2se/1.6.0/docs/guide/standards/).
    Source: javaw.exe, 00000009.00000002.2121264433.0000000015161000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/jaxp/xpath/dom
    Source: javaw.exe, 00000009.00000002.2121264433.0000000015161000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/jaxp/xpath/dom2
    Source: javaw.exe, 00000009.00000002.2121264433.0000000015161000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/dom/properties/
    Source: javaw.exe, 00000009.00000002.2121264433.0000000015256000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/dom/properties/ancestor-check
    Source: javaw.exe, 00000009.00000002.2122107417.00000000158B1000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/
    Source: javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaLanguage
    Source: javaw.exe, 00000009.00000002.2121264433.0000000015256000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaLanguage-
    Source: javaw.exe, 00000009.00000002.2121264433.0000000015256000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaSource
    Source: resources.jar.1.drString found in binary or memory: http://java.sun.com/xml/ns/metro/config
    Source: javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/schema/features/
    Source: javaw.exe, 00000009.00000002.2121264433.0000000015161000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/schema/features/)
    Source: javaw.exe, 00000009.00000002.2122107417.00000000158B1000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace
    Source: javaw.exe, 00000009.00000002.2122107417.00000000158B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace3
    Source: javaw.exe, 00000009.00000002.2121264433.0000000015161000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/
    Source: javaw.exe, 00000009.00000002.2121264433.0000000015110000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A860000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/ignore-external-dtd
    Source: javaw.exe, 00000009.00000002.2121264433.0000000015110000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/ignore-external-dtd9
    Source: javaw.exe, 00000009.00000002.2121264433.0000000015161000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/reader-in-defined-state
    Source: javaw.exe, 00000009.00000002.2122107417.00000000158B1000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A860000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/report-cdata-event
    Source: fxplugins.dll.0.drString found in binary or memory: http://javafx.com/
    Source: javaw.exe, 00000009.00000002.2118361019.000000000A700000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://javafx.com/fxml/1
    Source: javaw.exe, 00000009.00000002.2118361019.000000000A700000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://javafx.com/javafx/8
    Source: fxplugins.dll.0.drString found in binary or memory: http://javafx.com/vp6decoderflvdemux
    Source: javaw.exe, 00000009.00000002.2121264433.0000000015256000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/feature/secure-processing
    Source: javaw.exe, 00000009.00000002.2121264433.0000000015161000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/
    Source: javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalDTD
    Source: javaw.exe, 00000009.00000002.2121264433.0000000015256000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalDTDR
    Source: javaw.exe, 00000009.00000002.2121264433.0000000015256000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalSchema
    Source: javaw.exe, 00000009.00000002.2121264433.0000000015256000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalSchemaD
    Source: javaw.exe, 00000009.00000002.2121264433.0000000015256000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalStylesheet
    Source: javaw.exe, 00000009.00000002.2121264433.0000000015256000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.dom.DOMResult/feature
    Source: javaw.exe, 00000009.00000002.2121264433.0000000015256000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.dom.DOMSource/feature
    Source: javaw.exe, 00000009.00000002.2121264433.0000000015256000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.sax.SAXResult/feature#
    Source: javaw.exe, 00000009.00000002.2121264433.0000000015256000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.sax.SAXSource/feature
    Source: javaw.exe, 00000009.00000002.2121264433.0000000015256000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmp, jfr.jar.0.drString found in binary or memory: http://javax.xml.transform.sax.SAXTransformerFactory/feature
    Source: javaw.exe, 00000009.00000002.2121264433.0000000015256000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.sax.SAXTransformerFactory/feature/xmlfilter
    Source: javaw.exe, 00000009.00000002.2121264433.0000000015256000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.sax.SAXTransformerFactory/featureF
    Source: javaw.exe, 00000009.00000002.2121264433.0000000015256000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.stax.StAXResult/feature
    Source: javaw.exe, 00000009.00000002.2121264433.0000000015256000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.stax.StAXSource/feature
    Source: javaw.exe, 00000009.00000002.2121264433.0000000015256000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.stream.StreamResult/feature
    Source: javaw.exe, 00000009.00000002.2121264433.0000000015256000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.stream.StreamResult/feature-
    Source: javaw.exe, 00000009.00000002.2121264433.0000000015256000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.stream.StreamSource/feature
    Source: javaw.exe, 00000009.00000002.2121264433.0000000015256000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.transform.stream.StreamSource/feature6
    Source: javaw.exe, 00000009.00000002.2118361019.000000000AB8F000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2123607892.00000000168D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://null.sun.com/
    Source: javaw.exe, 00000009.00000002.2118361019.000000000AA89000.00000004.00001000.00020000.00000000.sdmp
    String found in binary or memory: https://pastebin.com/raw/1aPGZuDS
    Source: unknown
    Network traffic detected: HTTP traffic on port 49736 -> 443
    Source: unknown
    Network traffic detected: HTTP traffic on port 443 -> 49736
    Source: unknown
    HTTPS traffic detected: 104.20.3.235:443 -> 192.168.2.4:49736 version: TLS 1.2
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe
    Code function: 9_2_6B99330E _Java_sun_awt_windows_WClipboard_openClipboard@12,__ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z,__EH_prolog3_catch,_JNU_ThrowByName@12
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe
    Code function: 9_2_6B993707 _Java_sun_awt_windows_WClipboard_getClipboardData@16,__ehhandler$?_Init@?$numpunct@_W@std@@IAEXABV_Locinfo@2@@Z,__EH_prolog3_catch,_JNU_ThrowIOException@8,SetLastError,GlobalSize,GetLastError,_CxxThrowException,GlobalLock,GlobalUnlock,GlobalLock,GlobalUnlock,GlobalLock,free,GlobalUnlock,GlobalUnlock
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe
    Code function: 9_2_6B9C6800 GetKeyboardState

    System Summary

    Source: ffjcext.zip.0.dr
    Zip Entry: {CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/content/ffjcext/ffjcext.js
    Source: C:\Windows\System32\msiexec.exe
    File created: C:\Windows\Installer\4efbc9.msi
    File created: C:\Windows\Installer\MSIFD21.tmp
    File created: C:\Windows\Installer\MSIFD80.tmp
    File created: C:\Windows\Installer\MSIFDDE.tmp
    File created: C:\Windows\Installer\MSIFE0E.tmp
    File created: C:\Windows\Installer\MSIFE5D.tmp
    File created: C:\Windows\Installer\MSIFE8D.tmp
    File created: C:\Windows\Installer\inprogressinstallinfo.ipi
    File created: C:\Windows\Installer\SourceHash{0CD4A799-CA89-4B58-9969-139C252455D3}
    File created: C:\Windows\Installer\MSI3974.tmp
    File created: C:\Windows\Installer\4efbcc.msi
    File deleted: C:\Windows\Installer\MSIFD21.tmp
    Source: AYoF5MX6wK.exe, 00000000.00000003.1791954573.0000000001004000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamefusion.dllT vs AYoF5MX6wK.exe
    Source: AYoF5MX6wK.exe, 00000000.00000003.1792541298.00000000053E9000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamewininet.dllD vs AYoF5MX6wK.exe
    Source: AYoF5MX6wK.exe, 00000000.00000003.1777347912.0000000004045000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameSoftwareDetector.dllF vs AYoF5MX6wK.exe
    Source: AYoF5MX6wK.exe, 00000000.00000003.1777347912.0000000004045000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamePrereq.dllF vs AYoF5MX6wK.exe
    Source: AYoF5MX6wK.exe, 00000000.00000003.1745162761.0000000000F81000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameDecoder.dllF vs AYoF5MX6wK.exe
    Source: AYoF5MX6wK.exe, 00000000.00000003.1792125391.0000000001004000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamefusion.dllT vs AYoF5MX6wK.exe
    Source: AYoF5MX6wK.exe, 00000000.00000000.1741677784.0000000000DA6000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFileNameInstaller.exe8 vs AYoF5MX6wK.exe
    Source: AYoF5MX6wK.exe, 00000000.00000003.1777347912.0000000003EF0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamelzmaextractor.dllF vs AYoF5MX6wK.exe
    Source: AYoF5MX6wK.exe, 00000000.00000003.1777347912.0000000003EF0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameAICustAct.dllF vs AYoF5MX6wK.exe
    Source: AYoF5MX6wK.exe | Binary or memory string: OriginalFileNameInstaller.exe8 vs AYoF5MX6wK.exe
    Source: AYoF5MX6wK.exe | Binary or memory string: OriginalFilenameDecoder.dllF vs AYoF5MX6wK.exe
    Source: AYoF5MX6wK.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: classification engine | Classification label: mal68.troj.evad.winEXE@12/464@1/1
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\run-file.exe | Code function: 8_2_00401ED0 GetLastError,puts,ShellExecuteA,printf,fclose,MessageBoxA,FormatMessageA,strlen,strcat,LocalFree,fprintf,fprintf,fprintf
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\run-file.exe | Code function: 8_2_00404740 FindResourceExA,LoadResource,LockResource,fprintf,FindResourceExA,LoadResource,LockResource,fprintf,strchr,strlen,strcpy,FindResourceExA,LoadResource,LockResource,fprintf,strchr,strlen,strcpy,strncpy,strlen,strcat,strncpy,strlen,strcat,FindResourceExA,LoadResource,LockResource,atoi,SetLastError,SetLastError,SetLastError,strcpy,fprintf,FindResourceExA,LoadResource,LockResource,atoi,strcpy,fprintf,fprintf,SetLastError,SetLastError,fprintf
    Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\ConsolHQ LTD
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe | File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe | Mutant created: NULL
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe | File created: C:\Users\user\AppData\Local\Temp\shiF86E.tmp
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe | Command line argument: 1.8 | 9_2_00791000
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe | Command line argument: 1.8.0_101-b13 | 9_2_00791000
    Source: AYoF5MX6wK.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe | File read: C:\Users\desktop.ini
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: javaw.exe | String found in binary or memory: sun/launcher/LauncherHelper
    Source: javaw.exe | String found in binary or memory: -help
    Source: javaw.exe | String found in binary or memory: vm/class/load
    Source: javaw.exe | String found in binary or memory: sun/misc/Launcher$ExtClassLoader
    Source: javaw.exe | String found in binary or memory: sun/misc/Launcher$AppClassLoader
    Source: javaw.exe | String found in binary or memory: sun/misc/Launcher
    Source: javaw.exe | String found in binary or memory: kHeap Regions: (Y=young(eden), SU=young(survivor), HS=humongous(starts), HC=humongous(continues), CS=collection set, F=free, TS=gc time stamp, PTAMS=previous top-at-mark-start, NTAMS=next top-at-mark-start)
    Source: javaw.exe | String found in binary or memory: [GC concurrent-root-region-scan-start]
    Source: javaw.exe | String found in binary or memory: [GC concurrent-mark-start]
    Source: javaw.exe | String found in binary or memory: [GC concurrent-cleanup-start]
    Source: javaw.exe | String found in binary or memory: http://www.oracle.com/hotspot/jvm/java/monitor/address
    Source: javaw.exe | String found in binary or memory: G1-Refine-stop
    Source: javaw.exe | String found in binary or memory: Fused Multiply-Add
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe | File read: C:\Users\user\Desktop\AYoF5MX6wK.exe
    Source: unknown | Process created: C:\Users\user\Desktop\AYoF5MX6wK.exe "C:\Users\user\Desktop\AYoF5MX6wK.exe"
    Source: unknown | Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
    Source: C:\Windows\System32\msiexec.exe | Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 4A09D0C8A03EE2C01F2A2C2083C77C40 C
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe | Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\system32\msiexec.exe" /i "C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\Installer.msi" AI_SETUPEXEPATH=C:\Users\user\Desktop\AYoF5MX6wK.exe SETUPEXEDIR=C:\Users\user\Desktop\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1731488893 " AI_EUIMSI=""
    Source: C:\Windows\System32\msiexec.exe | Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding A5A3283E70335C9FCC40AE3FEC98782E
    Source: C:\Windows\System32\msiexec.exe | Process created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\run-file.exe "C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\run-file.exe"
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\run-file.exe | Process created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe "C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\asm-all.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;lib\jphp-xml-ext.jar;lib\jphp-zend-ext.jar;lib\jphp-zip-ext.jar;lib\slf4j-api.jar;lib\slf4j-simple.jar;lib\zt-zip.jar" org.develnext.jphp.ext.javafx.FXLauncher
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exeSection loaded: ntmarta.dllJump to behavior
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exeSection loaded: coremessaging.dllJump to behavior
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exeSection loaded: wintypes.dllJump to behavior
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
    Source: Window Recorder; Window detected: More than 3 window changes detected
    Source: AYoF5MX6wK.exe; Static PE information: Virtual size of .text is bigger than: 0x100000
    Source: AYoF5MX6wK.exe; Static file information: File size 49198887 > 1048576
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File opened: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\msvcr100.dll
    Source: AYoF5MX6wK.exe; Static PE information: Raw size of .text is bigger than: 0x100000 < 0x216e00
    Source: AYoF5MX6wK.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: AYoF5MX6wK.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: AYoF5MX6wK.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: AYoF5MX6wK.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: AYoF5MX6wK.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: AYoF5MX6wK.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: AYoF5MX6wK.exe; Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\jp2ssv\obj\jp2ssv.pdb source: jp2ssv.dll.1.dr
    Source: Binary string: wininet.pdb source: AYoF5MX6wK.exe, 00000000.00000003.1792541298.00000000053E9000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: C:\JobRelease\win\Release\stubs\x86\Decoder.pdb source: AYoF5MX6wK.exe
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libt2k\t2k.pdb source: t2k.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjava\java.pdb source: javaw.exe, 00000009.00000002.2127997238.000000006F823000.00000002.00000001.01000000.0000000E.sdmp, java.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libnio\nio.pdbic source: javaw.exe, 00000009.00000002.2127659033.000000006F6F7000.00000002.00000001.01000000.00000011.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjava\java.pdb'% source: javaw.exe, 00000009.00000002.2127997238.000000006F823000.00000002.00000001.01000000.0000000E.sdmp, java.dll.0.dr
    Source: Binary string: C:\JobRelease\win\Release\custact\x86\SoftwareDetector.pdbb source: AYoF5MX6wK.exe, 00000000.00000003.1777347912.0000000003EF0000.00000004.00001000.00020000.00000000.sdmp, MSIFE0E.tmp.1.dr, MSIFAA2.tmp.0.dr
    Source: Binary string: C:\JobRelease\win\Release\custact\x86\SoftwareDetector.pdb source: AYoF5MX6wK.exe, 00000000.00000003.1777347912.0000000003EF0000.00000004.00001000.00020000.00000000.sdmp, MSIFE0E.tmp.1.dr, MSIFAA2.tmp.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\klist_objs\klist.pdb source: klist.exe.1.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libawt\awt.pdb source: javaw.exe, 00000009.00000002.2125692771.000000006B9D9000.00000002.00000001.01000000.00000017.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libawt\awt.pdb8^ source: javaw.exe, 00000009.00000002.2125692771.000000006B9D9000.00000002.00000001.01000000.00000017.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libnet\net.pdb source: javaw.exe, 00000009.00000002.2127760735.000000006F70D000.00000002.00000001.01000000.00000010.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libbci\bci.pdb source: bci.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libverify\verify.pdb source: javaw.exe, 00000009.00000002.2128124516.000000006F846000.00000002.00000001.01000000.0000000D.sdmp, verify.dll.1.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libsunmscapi\sunmscapi.pdb source: javaw.exe, 00000009.00000002.2127559901.000000006E334000.00000002.00000001.01000000.0000001B.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\tnameserv_objs\tnameserv.pdb source: tnameserv.exe.0.dr
    Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdb source: AYoF5MX6wK.exe, 00000000.00000003.1777347912.0000000003EF0000.00000004.00001000.00020000.00000000.sdmp, MSIFD80.tmp.1.dr
    Source: Binary string: C:\JobRelease\win\Release\stubs\x86\Decoder.pdb5 source: AYoF5MX6wK.exe
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\javaw_objs\javaw.pdb source: javaw.exe, 00000009.00000000.2049149929.00000000007AC000.00000002.00000001.01000000.0000000A.sdmp, javaw.exe, 00000009.00000002.2105703592.00000000007AC000.00000002.00000001.01000000.0000000A.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libresource\resource.pdb source: resource.dll.1.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\liblcms\lcms.pdb* source: lcms.dll.0.dr
    Source: Binary string: C:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\hotspot\windows_i486_compiler1\product\jvm.pdb source: javaw.exe, javaw.exe, 00000009.00000002.2126155193.000000006BD31000.00000002.00000001.01000000.0000000C.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\jjs_objs\jjs.pdb source: jjs.exe.1.dr
    Source: Binary string: C:\JobRelease\win\Release\stubs\x86\ExternalUi.pdb source: AYoF5MX6wK.exe
    Source: Binary string: C:\JobRelease\win\Release\custact\x86\Prereq.pdbo source: AYoF5MX6wK.exe, 00000000.00000003.1777347912.0000000004045000.00000004.00001000.00020000.00000000.sdmp
    Source: Binary string: msvcr100.i386.pdb source: javaw.exe, 00000009.00000002.2128214752.000000006F851000.00000020.00000001.01000000.0000000B.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\liblcms\lcms.pdb source: lcms.dll.0.dr
    Source: Binary string: C:\JobRelease\win\Release\custact\x86\Prereq.pdb source: AYoF5MX6wK.exe, 00000000.00000003.1777347912.0000000004045000.00000004.00001000.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libnio\nio.pdb source: javaw.exe, 00000009.00000002.2127659033.000000006F6F7000.00000002.00000001.01000000.00000011.sdmp
    Source: Binary string: msvcr120.i386.pdb source: javaw.exe, 00000009.00000002.2127294323.000000006D0E1000.00000020.00000001.01000000.00000012.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libzip\zip.pdb source: javaw.exe, 00000009.00000002.2127896986.000000006F7FA000.00000002.00000001.01000000.0000000F.sdmp
    Source: Binary string: msvcp120.i386.pdb source: javaw.exe, javaw.exe, 00000009.00000002.2127050931.000000006D061000.00000020.00000001.01000000.00000013.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libsunec\sunec.pdb$ source: javaw.exe, 00000009.00000002.2126591509.000000006C5C3000.00000002.00000001.01000000.0000001A.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libdt_shmem\dt_shmem.pdb source: dt_shmem.dll.1.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjavaaccessbridge-32\JavaAccessBridge-32.pdb) source: JavaAccessBridge-32.dll.1.dr, JavaAccessBridge-32.dll.0.dr
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libsunec\sunec.pdb source: javaw.exe, 00000009.00000002.2126591509.000000006C5C3000.00000002.00000001.01000000.0000001A.sdmp
    Source: Binary string: wininet.pdbUGP source: AYoF5MX6wK.exe, 00000000.00000003.1792541298.00000000053E9000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjavaaccessbridge-32\JavaAccessBridge-32.pdb source: JavaAccessBridge-32.dll.1.dr, JavaAccessBridge-32.dll.0.dr
    Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdbn source: AYoF5MX6wK.exe, 00000000.00000003.1777347912.0000000003EF0000.00000004.00001000.00020000.00000000.sdmp, MSIFD80.tmp.1.dr
    Source: Binary string: C:\JobRelease\win\Release\custact\x86\lzmaextractor.pdb source: AYoF5MX6wK.exe, 00000000.00000003.1777347912.0000000003EF0000.00000004.00001000.00020000.00000000.sdmp
    Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\rmiregistry_objs\rmiregistry.pdb source: rmiregistry.exe.1.dr
    Source: AYoF5MX6wK.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: AYoF5MX6wK.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: AYoF5MX6wK.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: AYoF5MX6wK.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: AYoF5MX6wK.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: shiF86E.tmp.0.dr; Static PE information: 0xC7FEC470 [Wed Apr 29 05:06:56 2076 UTC]
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe; Code function: 9_2_00794DC6 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,9_2_00794DC6
    Source: jfxwebkit.dll.0.dr; Static PE information: section name: .unwante
    Source: prism_sw.dll.0.dr; Static PE information: section name: _RDATA
    Source: shiF86E.tmp.0.dr; Static PE information: section name: .wpp_sf
    Source: shiF86E.tmp.0.dr; Static PE information: section name: .didat
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe; Code function: 9_2_0079DB85 push ecx; ret 9_2_0079DB98
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe; Code function: 9_2_6B9D48B5 push ecx; ret 9_2_6B9D48C8
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe; Code function: 9_2_6B9D4026 push ecx; ret 9_2_6B9D4039
    Source: msvcr100.dll.0.dr; Static PE information: section name: .text entropy: 6.90903234258047
    Source: msvcr100.dll0.0.dr; Static PE information: section name: .text entropy: 6.90903234258047
    Source: msvcr120.dll.0.dr; Static PE information: section name: .text entropy: 6.95576372950548
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\ssvagent.exeJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\jli.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\WindowsAccessBridge-32.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\jfxmedia.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\klist.exeJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\decora_sse.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\glass.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\java-rmi.exeJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\rmiregistry.exeJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\fxplugins.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\mlib_image.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\jsdt.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\management.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\JAWTAccessBridge-32.dll
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\WindowsAccessBridge.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\dcpr.dll
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\jfr.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\rmid.exe
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\glib-lite.dll
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\jjs.exe
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\client\jvm.dll
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\jfxwebkit.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\jp2launcher.exe
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javafx_font.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\jdwp.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Local\Temp\shiF86E.tmp
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\t2k.dll
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\j2pcsc.dll
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\j2pkcs11.dll
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\jdwp.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\j2pkcs11.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\client\jvm.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\jsound.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\dtplugin\deployJava1.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\jfr.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\decoder.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\kcms.dll
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaws.exe
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\kcms.dll
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\jabswitch.exe
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\dtplugin\deployJava1.dll
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\wsdetect.dll
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\gstreamer-lite.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\ssv.dll
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\prism_d3d.dll
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\prism_sw.dll
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\ssv.dll
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\jpeg.dll
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\msvcr100.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\msvcr100.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\jpeg.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\jawt.dll
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\prism_common.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\jp2iexp.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\jp2native.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\jp2ssv.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\eula.dll
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\glass.dll
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\kinit.exe
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\jawt.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\j2pcsc.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\dt_shmem.dll
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javacpl.exe
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\WindowsAccessBridge.dll
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\plugin2\npjp2.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\jfxmedia.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\jjs.exe
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\w2k_lsa_auth.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\tnameserv.exe
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\jsoundds.dll
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Windows\Installer\MSIFD80.tmp
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\keytool.exe
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\java.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\wsdetect.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\WindowsAccessBridge-32.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\javaw.exe
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\kinit.exe
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\plugin2\npjp2.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\jaas_nt.dll
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Windows\Installer\MSIFE8D.tmp
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Windows\Installer\MSIFD21.tmp
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Windows\Installer\MSIFE0E.tmp
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Windows\Installer\MSIFE5D.tmp
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Windows\Installer\MSIFD80.tmp
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Windows\Installer\MSIFDDE.tmp
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\javacpl.cpl
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javacpl.cpl
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\README.txt
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; File created: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\THIRDPARTYLICENSEREADME.txt
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\README.txt
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt
    Source: C:\Windows\System32\msiexec.exe; File created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\THIRDPARTYLICENSEREADME.txt

    Boot Survival

    Source: C:\Windows\System32\msiexec.exe; Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E21692255B591554ABCA3BA6B9C7AFF4; Value name: 997A4DC098AC85B4999631C95242553D; Data: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe; Code function: 9_2_6B9798E3 JDK_LoadSystemLibrary,JDK_LoadSystemLibrary,JDK_LoadSystemLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,9_2_6B9798E3
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\msiexec.exe; Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\msiexec.exe; Process information set: NOGPFAULTERRORBOX
    Source: C:\Windows\SysWOW64\msiexec.exe; Process information set: NOOPENFILEERRORBOX
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe; Process information set: NOGPFAULTERRORBOX

    Malware Analysis System Evasion

    Source: C:\Windows\SysWOW64\msiexec.exe; System information queried: FirmwareTableInformation
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe; Code function: 9_2_6B93AD60 rdtsc 9_2_6B93AD60
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\net.dll
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\bci.dll
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\policytool.exe
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\verify.dll
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\net.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\java.exe
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\npt.dll
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javafx_iio.dll
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\jp2native.dll
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\npt.dll
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\splashscreen.dll
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\hprof.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\jfxwebkit.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIF8FB.tmp
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\bci.dll
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\JavaAccessBridge-32.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\zip.dll
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\java.dll
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\sunec.dll
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\zip.dll
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\jp2ssv.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\awt.dll
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\awt.dll
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\orbd.exe
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\JAWTAccessBridge.dll
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\fxplugins.dll
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\tnameserv.exe
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\javaws.exe
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\servertool.exe
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\policytool.exe
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\java_crw_demo.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\unpack200.exe
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\jsdt.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\dt_socket.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\deploy.dll
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\dt_shmem.dll
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSIFE5D.tmp
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\javacpl.cpl
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\rmid.exe
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\jsoundds.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\JavaAccessBridge-32.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\prism_sw.dll
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Windows\Installer\MSIFD21.tmp
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\verify.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\ktab.exe
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\t2k.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\unpack.dll
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\dcpr.dll
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\msvcp120.dll
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\w2k_lsa_auth.dll
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\msvcr120.dll
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\rmiregistry.exe
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIFAA2.tmp
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\deploy.dll
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\nio.dll
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\instrument.dll
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\plugin2\msvcr100.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\msvcr120.dll
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\fontmanager.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\prism_d3d.dll
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\pack200.exe
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\dtplugin\npdeployJava1.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\JavaAccessBridge.dll
    Source: C:\Windows\System32\msiexec.exe; Dropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\JavaAccessBridge.dll
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\servertool.exe
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\plugin2\msvcr100.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\jp2iexp.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\glib-lite.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\nio.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\JAWTAccessBridge.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javafx_font_t2k.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\instrument.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\sunmscapi.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\javacpl.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\resource.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\fontmanager.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\jp2launcher.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\jsound.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\javafx_font.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\klist.exeJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\javafx_iio.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\splashscreen.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\msvcp120.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\java-rmi.exeJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\lcms.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\lcms.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\prism_common.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\jabswitch.exeJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\javafx_font_t2k.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\jaas_nt.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\unpack200.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\unpack.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\keytool.exeJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\ssvagent.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\JAWTAccessBridge-32.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\hprof.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIFE8D.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\sunmscapi.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\orbd.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\ktab.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\java.exeJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\java_crw_demo.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\dtplugin\npdeployJava1.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\mlib_image.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\pack200.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\management.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\dt_socket.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIFDDE.tmpJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\gstreamer-lite.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\resource.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\eula.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIFE0E.tmpJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\sunec.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\decora_sse.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\jli.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javacpl.cplJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\ssvagent.exeJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\jli.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\WindowsAccessBridge-32.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\jfxmedia.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\klist.exeJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\decora_sse.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\glass.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\java-rmi.exeJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\rmiregistry.exeJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\fxplugins.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\mlib_image.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\jsdt.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\management.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\JAWTAccessBridge-32.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\WindowsAccessBridge.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\jfr.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\dcpr.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\rmid.exeJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\glib-lite.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\jjs.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\client\jvm.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\jfxwebkit.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\jp2launcher.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javafx_font.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\jdwp.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\shiF86E.tmpJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\t2k.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\j2pcsc.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\j2pkcs11.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\jdwp.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\j2pkcs11.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\client\jvm.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\jsound.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\dtplugin\deployJava1.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\jfr.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\decoder.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\kcms.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaws.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\kcms.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\jabswitch.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\dtplugin\deployJava1.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\wsdetect.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\gstreamer-lite.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\ssv.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\prism_d3d.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\prism_sw.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\ssv.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\jpeg.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\msvcr100.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\msvcr100.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\jpeg.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\jawt.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\prism_common.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\jp2iexp.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\jp2native.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\jp2ssv.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\glass.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\eula.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\kinit.exeJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\jawt.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\j2pcsc.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\dt_shmem.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javacpl.exeJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\WindowsAccessBridge.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\plugin2\npjp2.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\jjs.exeJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\jfxmedia.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\w2k_lsa_auth.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\tnameserv.exeJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\jsoundds.dllJump to dropped file
    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIFD80.tmpJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\keytool.exeJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\java.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\wsdetect.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\WindowsAccessBridge-32.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\kinit.exeJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\plugin2\npjp2.dllJump to dropped file
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\jre\bin\jaas_nt.dllJump to dropped file
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe | Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe | API coverage: 1.3 %
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe | Code function: 9_2_6B994604 GetKeyboardLayout followed by cmp: cmp ax, cx and CTI: jne 6B994627h
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe | Code function: 9_2_6B9C72CE GetKeyboardLayout followed by cmp: cmp esi, eax and CTI: je 6B9C6C9Eh
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe | File Volume queried: C:\Users\user\AppData\Roaming FullSizeInformation
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe | File Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install FullSizeInformation
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe | File Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformation
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe | File Volume queried: C:\ FullSizeInformation
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exeFile Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformationJump to behavior
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe File Volume queried: C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3 FullSizeInformation
    Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
    Source: C:\Windows\SysWOW64\msiexec.exe File Volume queried: C:\ FullSizeInformation
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe Code function: 9_2_0079A3A5 __getdrive,FindFirstFileExA,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,_free,___loctotime64_t,_free,__wsopen_s,__fstat64i32,__close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose,9_2_0079A3A5
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe Code function: 9_2_00795225 FindFirstFileA,FindNextFileA,_strlen,_strlen,_strlen,_memmove,_memmove,FindClose,9_2_00795225
    Source: javaw.exe, 00000009.00000002.2126155193.000000006BD31000.00000002.00000001.01000000.0000000C.sdmpBinary or memory string: k{constant pool}code cache C-heap hand metaspace chunks dict zone strs syms heap threads [Verifying Genesis-2147483648Unable to link/verify Finalizer.register methodUnable to link/verify ClassLoader.addClass methodProtectionDomain.impliesCreateAccessControlContext() has the wrong linkageUnable to link/verify Unsafe.throwIllegalAccessError methodJava heap space: failed reallocation of scalar replaced objectsGC overhead limit exceededRequested array size exceeds VM limitCompressed class spaceJava heap spaceUnable to link/verify VirtualMachineError classC:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\hotspot\src\share\vm\oops\arrayKlass.cpp[]guarantee(component_mirror()->klass() != NULL) failedshould have a classC:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\hotspot\src\share\vm\gc_interface/collectedHeap.inline.hpp - length: %dguarantee(a->length() >= 0) failedarray with negative length?guarantee(obj->is_array()) failedmust be arrayshould be klassguarantee(is_constantPool()) failedvtable restored by this call<pseudo-string> cache=0x%08x (extra) for /operands[%d]/preresolutionconstant pool [%d]A constant pool lockC:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\hotspot\src\share\vm\oops\constantPool.cppguarantee(!ConstantPool::is_invokedynamic_index(which)) failedan invokedynamic instruction does not have a klassRESOLVE %s %s
    Source: AYoF5MX6wK.exe Binary or memory string: &VmCi
    Source: javaw.exe, 00000009.00000003.2049960945.00000000150C8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: com/sun/corba/se/impl/util/SUNVMCID.classPK
    Source: MSIFAA2.tmp.0.drBinary or memory string: RegOpenKeyTransactedW::NetUserGetInfo() failed with error: \@invalid string_view positionVMware, Inc.VMware Virtual PlatformVMware7,1innotek GmbHVirtualBoxMicrosoft CorporationVirtual MachineVRTUALACRSYSA M IGetting system informationManufacturer [Model [BIOS [\\?\UNC\\\?\shim_clone%d.%d.%d.%dDllGetVersion[%!]%!ProgramFilesFolderCommonFilesFolderDesktopFolderAllUsersDesktopFolderAppDataFolderFavoritesFolderStartMenuFolderProgramMenuFolderStartupFolderFontsFolderLocalAppDataFolderCommonAppDataFolderProgramFiles64FolderProgramFilesProgramW6432SystemFolderSystem32FolderWindowsFolderWindowsVolumeTempFolderSETUPEXEDIRshfolder.dllSHGetFolderPathWProgramFilesAPPDATAPROGRAMFILES&+
    Source: javaw.exe, javaw.exe, 00000009.00000002.2126155193.000000006BD31000.00000002.00000001.01000000.0000000C.sdmp, classlist.0.dr Binary or memory string: java/lang/VirtualMachineError
    Source: javaw.exe, javaw.exe, 00000009.00000002.2126155193.000000006BD31000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: Unable to link/verify VirtualMachineError class
    Source: javaw.exe, 00000009.00000003.2049960945.00000000150C8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: org/omg/CORBA/OMGVMCID.classPK
    Source: javaw.exe, 00000009.00000002.2106617400.00000000029F0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: cjava/lang/VirtualMachineError
    Source: javaw.exe, 00000009.00000002.2106617400.00000000029F0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: t[Ljava/lang/VirtualMachineError;
    Source: javaw.exe, 00000009.00000003.2049960945.00000000150C8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: )Q+com/sun/corba/se/impl/util/SUNVMCID.classPK
    Source: javaw.exe, javaw.exe, 00000009.00000002.2126155193.000000006BD31000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: _well_known_klasses[SystemDictionary::VirtualMachineError_klass_knum]
    Source: javaw.exe, 00000009.00000003.2049960945.00000000150C8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: java/lang/VirtualMachineError.classPK
    Source: javaw.exe, 00000009.00000002.2106617400.00000000029F0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: lVirtualMachineError.java
    Source: javaw.exe, 00000009.00000002.2105989966.0000000000F08000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe API call chain: ExitProcess graph end node graph_9-75649
    Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation

    Anti Debugging

    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe Debugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep graph_9-77187
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe Code function: 9_2_6B93AD60 rdtsc 9_2_6B93AD60
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe Code function: 9_2_0079D15B _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_0079D15B
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe Code function: 9_2_00794DC6 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,9_2_00794DC6
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe Code function: 9_2_007A7E87 __lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,9_2_007A7E87
    Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\run-file.exe "C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\run-file.exe"
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\run-file.exe Code function: 8_2_00401150 SetUnhandledExceptionFilter,__getmainargs,_iob,_iob,_setmode,_iob,_iob,_setmode,__p__fmode,__p__environ,_cexit,ExitProcess,8_2_00401150
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe Code function: 9_2_007996E8 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_007996E8
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe Code function: 9_2_0079EF37 SetUnhandledExceptionFilter,9_2_0079EF37
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe Code function: 9_2_6B9D3E32 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,9_2_6B9D3E32
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe Memory protected: page read and write | page guard
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\run-file.exe Process created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe "C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\asm-all.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;lib\jphp-xml-ext.jar;lib\jphp-zend-ext.jar;lib\jphp-zip-ext.jar;lib\slf4j-api.jar;lib\slf4j-simple.jar;lib\zt-zip.jar" org.develnext.jphp.ext.javafx.FXLauncher
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe Process created: C:\Windows\SysWOW64\msiexec.exe "c:\windows\system32\msiexec.exe" /i "c:\users\user\appdata\roaming\consolhq ltd\skimarutils 1.12.3\install\52455d3\installer.msi" ai_setupexepath=c:\users\user\desktop\ayof5mx6wk.exe setupexedir=c:\users\user\desktop\ exe_cmd_line="/exenoupdates /forcecleanup /wintime 1731488893 " ai_euimsi=""
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\run-file.exe Process created: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe "c:\program files (x86)\consolhq ltd\skimarutils\jre\bin\javaw.exe" -dfile.encoding=utf-8 -classpath "lib\.;lib\..;lib\asm-all.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;lib\jphp-xml-ext.jar;lib\jphp-zend-ext.jar;lib\jphp-zip-ext.jar;lib\slf4j-api.jar;lib\slf4j-simple.jar;lib\zt-zip.jar" org.develnext.jphp.ext.javafx.fxlauncher
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe Code function: GetLocaleInfoW,_wtoi,GetACP,9_2_6B9B69B7
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe Code function: _Java_sun_awt_windows_WPageDialogPeer__1show@8,__EH_prolog3_catch,memset,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,wcscmp,free,GlobalLock,_control87,_control87,_control87,_control87,GlobalUnlock,_CxxThrowException,GlobalLock,GlobalUnlock,9_2_6B9BEC97
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe Code function: _Java_sun_awt_windows_WPrinterJob_getDefaultPage@12,__EH_prolog3_catch,GlobalLock,_wcsdup,GlobalUnlock,free,GlobalFree,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,wcscmp,free,GlobalFree,free,GlobalUnlock,_CxxThrowException,9_2_6B9BF11E
    Source: C:\Users\user\Desktop\AYoF5MX6wK.exe Queries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
    Source: C:\Windows\SysWOW64\msiexec.exe Queries volume information: C:\ VolumeInformation
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe Code function: 9_2_0079F719 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,9_2_0079F719
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe Code function: 9_2_007A819A __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,9_2_007A819A
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe Code function: 9_2_6B99EB56 _JNU_GetEnv@8,GetVersion,GetVersion,GetVersion,GetVersion,9_2_6B99EB56
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

    Stealing of Sensitive Information

    Source: Yara match File source: Process Memory Space: javaw.exe PID: 8132, type: MEMORYSTR

    Remote Access Functionality

    Source: Yara match File source: Process Memory Space: javaw.exe PID: 8132, type: MEMORYSTR
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe Code function: 9_2_6B938450 ?NotifyAdapterEventListeners@D3DPipelineManager@@SAXIJ@Z,_JNU_GetEnv@8,JNU_CallStaticMethodByName,9_2_6B938450
    Source: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe Code function: 9_2_6B979F36 _Java_sun_awt_shell_Win32ShellFolder2_bindToObject@24,9_2_6B979F36
    | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 2 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Disable or Modify Tools | 11 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
    | Credentials | Domains | Default Accounts | 13 Command and Scripting Interpreter | 1 Registry Run Keys / Startup Folder | 11 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 11 Peripheral Device Discovery | Remote Desktop Protocol | 11 Input Capture | 12 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
    | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Registry Run Keys / Startup Folder | 3 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 2 Clipboard Data | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
    | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Software Packing | NTDS | 35 System Information Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction |
    | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 231 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
    | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 2 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
    | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 File Deletion | DCSync | 1 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
    | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 32 Masquerading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
    | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 2 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
    | IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 11 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
    [Behavior graph: ID 1554997, Sample: AYoF5MX6wK.exe, Startdate: 13/11/2024, Architecture: WINDOWS, Score: 68]

    Source | Detection | Scanner | Label | Link
    AYoF5MX6wK.exe | 3% | ReversingLabs | |
    No Antivirus matches
    No Antivirus matches
    Source | Detection | Scanner | Label | Link
    http://javax.xml.XMLConstants/property/accessExternalDTDR | 0% | Avira URL Cloud | safe |
    http://www.chambersign.org3 | 0% | Avira URL Cloud | safe |
    http://policy.camerfirma.com; | 0% | Avira URL Cloud | safe |
    HTTP://WWW.CHAMBERSIGN.ORG | 0% | Avira URL Cloud | safe |
    http://policy.camerfirma.comC | 0% | Avira URL Cloud | safe |
    http://www.certplus.com/CRL/class2.crl | 0% | Avira URL Cloud | safe |
    http://javax.xml.transform.sax.SAXResult/feature# | 0% | Avira URL Cloud | safe |
    http://www.quovadis.bmKy | 0% | Avira URL Cloud | safe |
    http://xml.apache.org/xalan-j | 0% | Avira URL Cloud | safe |
    http://www.certplus.com/CRL/class3P.crl | 0% | Avira URL Cloud | safe |
    http://asm.objectweb.org | 0% | Avira URL Cloud | safe |
    http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl | 0% | Avira URL Cloud | safe |
    http://xml.org/sax/features/string-interningfeature | 0% | Avira URL Cloud | safe |
    http://oss.oracle.com/projects/webkit-java-mods/ | 0% | Avira URL Cloud | safe |
    http://xml.apache.org/xsltr; | 0% | Avira URL Cloud | safe |
    http://javax.xml.XMLConstants/property/accessExternalSchemaD | 0% | Avira URL Cloud | safe |
    http://oss.oracle.com/projects/gstreamer-mods/ | 0% | Avira URL Cloud | safe |
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    pastebin.com | 104.20.3.235 | true | false | | high
    Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                        high
                                                                                                                                                        http://oss.oracle.com/projects/gstreamer-mods/THIRDPARTYLICENSEREADME-JAVAFX.txt.1.drfalse
                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                        unknown
                                                                                                                                                        http://javax.xml.transform.stream.StreamSource/featurejavaw.exe, 00000009.00000002.2121264433.0000000015256000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://apache.org/xml/features/validation/schema/normalized-valuejavaw.exe, 00000009.00000002.2122107417.00000000158B1000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://apache.org/xml/features/xinclude/fixup-languagejavaw.exe, 00000009.00000002.2122107417.00000000158B1000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://apache.org/xml/properties/security-managerhjavaw.exe, 00000009.00000002.2121264433.0000000015256000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://javax.xml.transform.dom.DOMSource/featurejavaw.exe, 00000009.00000002.2121264433.0000000015256000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://github.com/TsSaltan/DevelNext-jURL/releases/latestjavaw.exe, 00000009.00000002.2118361019.000000000AA89000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2123607892.0000000016820000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://www.quovadisglobal.com/cpsjavaw.exe, 00000009.00000002.2118361019.000000000AA74000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000AA89000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://apache.org/xml/properties/dom/document-class-namejavaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespacejavaw.exe, 00000009.00000002.2122107417.00000000158B1000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://apache.org/xml/properties/internal/symbol-tablejavaw.exe, 00000009.00000002.2122107417.00000000158B1000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000009.00000002.2118361019.000000000A6C7000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            • No. of IPs < 25%
                                                                                                                                                                            • 25% < No. of IPs < 50%
                                                                                                                                                                            • 50% < No. of IPs < 75%
                                                                                                                                                                            • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
104.20.3.235 | pastebin.com | United States | 13335 | CLOUDFLARENETUS | false
                                                                                                                                                                            Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                            Analysis ID:1554997
                                                                                                                                                                            Start date and time:2024-11-13 10:10:10 +01:00
                                                                                                                                                                            Joe Sandbox product:CloudBasic
                                                                                                                                                                            Overall analysis duration:0h 11m 38s
                                                                                                                                                                            Hypervisor based Inspection enabled:false
                                                                                                                                                                            Report type:full
                                                                                                                                                                            Cookbook file name:default.jbs
                                                                                                                                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:11
                                                                                                                                                                            Number of new started drivers analysed:0
                                                                                                                                                                            Number of existing processes analysed:0
                                                                                                                                                                            Number of existing drivers analysed:0
                                                                                                                                                                            Number of injected processes analysed:0
                                                                                                                                                                            Technologies:
                                                                                                                                                                            • HCA enabled
                                                                                                                                                                            • EGA enabled
                                                                                                                                                                            • AMSI enabled
                                                                                                                                                                            Analysis Mode:default
                                                                                                                                                                            Analysis stop reason:Timeout
                                                                                                                                                                            Sample name:AYoF5MX6wK.exe
                                                                                                                                                                            renamed because original name is a hash value
                                                                                                                                                                            Original Sample Name:8702696887f8dd78d3d9df8b7335f4cc03e541774630b77ecd84b72d57da234f.exe
                                                                                                                                                                            Detection:MAL
                                                                                                                                                                            Classification:mal68.troj.evad.winEXE@12/464@1/1
                                                                                                                                                                            EGA Information:
                                                                                                                                                                            • Successful, ratio: 100%
                                                                                                                                                                            HCA Information:
                                                                                                                                                                            • Successful, ratio: 95%
                                                                                                                                                                            • Number of executed functions: 38
                                                                                                                                                                            • Number of non-executed functions: 383
                                                                                                                                                                            Cookbook Comments:
                                                                                                                                                                            • Found application associated with file extension: .exe
                                                                                                                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                                                            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                            • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                            • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                            • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                            • VT rate limit hit for: AYoF5MX6wK.exe
                                                                                                                                                                            No simulations
                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                            104.20.3.235cr_asm3.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                            • pastebin.com/raw/sA04Mwk2
                                                                                                                                                                            gabe.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                            • pastebin.com/raw/sA04Mwk2
                                                                                                                                                                            cr_asm.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                            • pastebin.com/raw/sA04Mwk2
                                                                                                                                                                            cr_asm_atCAD.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                            • pastebin.com/raw/sA04Mwk2
                                                                                                                                                                            vF20HtY4a4.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • pastebin.com/raw/sA04Mwk2
                                                                                                                                                                            OSLdZanXNc.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • pastebin.com/raw/sA04Mwk2
                                                                                                                                                                            5UIy3bo46y.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • pastebin.com/raw/sA04Mwk2
                                                                                                                                                                            Lm9IJ4r9oO.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • pastebin.com/raw/sA04Mwk2
                                                                                                                                                                            BeginSync lnk.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • pastebin.com/raw/sA04Mwk2
                                                                                                                                                                            sostener.vbsGet hashmaliciousNjratBrowse
                                                                                                                                                                            • pastebin.com/raw/V9y5Q5vv
                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                            pastebin.comPqSIlYOaIF.exeGet hashmaliciousLummaC, XmrigBrowse
                                                                                                                                                                            • 172.67.19.24
                                                                                                                                                                            ERxqzVIPur.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • 104.20.3.235
                                                                                                                                                                            ERxqzVIPur.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • 104.20.3.235
                                                                                                                                                                            asegurar.vbsGet hashmaliciousRemcosBrowse
                                                                                                                                                                            • 104.20.4.235
                                                                                                                                                                            segura.vbsGet hashmaliciousAsyncRAT, DcRatBrowse
                                                                                                                                                                            • 104.20.4.235
                                                                                                                                                                            3.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • 104.20.4.235
                                                                                                                                                                            z3356_DNF_E2I36P5K_26.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • 172.67.19.24
                                                                                                                                                                            86#U041b.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                            • 104.20.3.235
                                                                                                                                                                            lime_single.exeGet hashmaliciousLimeRATBrowse
                                                                                                                                                                            • 104.20.4.235
                                                                                                                                                                            lime.exeGet hashmaliciousLimeRATBrowse
                                                                                                                                                                            • 104.20.3.235
                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                            CLOUDFLARENETUSXeno Executor Setup 1.0.0.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • 172.64.41.3
                                                                                                                                                                            Xeno Executor Setup 1.0.0.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • 172.64.41.3
                                                                                                                                                                            http://track.reviewmgr.com/ls/click?upn=u001.W5y-2Fhe84rCuLxXDO470nfuKD2Iz98QeQpE-2BkxRR0H-2BqB5cDKklujIJ5FLru7QrAASOSa17vR-2FSCLVAx4lWyy5Q-3D-3DNnGv_Yp4ydSxZWNatis3HtI6bBrJjg57JYwT6kbyY2f89Z-2FBhxNJZyCBl9w6yXNV0YfiKUAGjaILaAN0mF43Ydvv3aAXjCPBMrYvHXhqj-2F90M8IWSluK-2FDr0h4-2FIbAXpExZIWOjtRSKBCrpvm-2BHKZd6Q2itOPvvv8Wh8uHJq1rbQgzA92MMGG0eeFCZzQMnosAWydLTI7R4yQPl90fJpGVjewvRcCF77tY5-2B3PAHwq6SU-2Fc2kSK8E1mMumIEdp0dsw2BfptVK6-2FXO4Hh-2FAV8-2FJ5YFUs6qp3oyRx3LiWrBnDVYrVE-3DGet hashmaliciousUnknownBrowse
                                                                                                                                                                            • 188.114.97.3
                                                                                                                                                                            rGO880-PDF.exeGet hashmaliciousFormBookBrowse
Match: 2db6873021f2a95daa7de0d93a1d1bf2
Associated Sample Name / URL | Detection | Threat Name | Context
Confirm Me.exe | malicious | STRRAT | 104.20.3.235
PInstaller.exe | malicious | STRRAT | 104.20.3.235
123.sfx.exe | malicious | STRRAT | 104.20.3.235
Match: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\JAWTAccessBridge-32.dll
Associated Sample Name / URL | Detection | Threat Name
Confirm Me.exe | malicious | STRRAT
PInstaller.exe | malicious | STRRAT
123.sfx.exe | malicious | STRRAT
EYOFFTITMDLXZJFFCCGFDTBIY.msi | malicious | Unknown
SSCBOLGZFXVJMEICRNQMJOCDIF.msi | malicious | Unknown
BOCTGZXINFFCD20242108.msi | malicious | Unknown
PGCTGZXFCD20242008.msi | malicious | Unknown
CloudInstaller.zip | malicious | Unknown
uChcvn3L6R.exe | malicious | DCRat
uChcvn3L6R.exe | malicious | DCRat
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                Size (bytes):38966
                                                                                                                                                                                                Entropy (8bit):5.888541179822635
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:8Yn+1ArnPg30pjqPTbgEQfnb8uIRKZRogrDv7IILlXmrFuqzLXJARBG0Q91CrT7s:8Y+1ATPgEpjqLQbpmEBE7fWdi1j
                                                                                                                                                                                                MD5:6CF5C8B80C83E2C0B81D807FAFEB3010
                                                                                                                                                                                                SHA1:D15C2A0122978190F9E8FF4A95F8D66247AD2636
                                                                                                                                                                                                SHA-256:EDDED67D4A08B8B17543DF4930A3DEBA225CC0748BA9FC05FA66B746C5CA59F3
                                                                                                                                                                                                SHA-512:FCB64206F2C516D1CEE801C2E321E99B8613650CB17784133065F3FEDAFD5A74E5EE1EA85BC70D0EFA1230D2FC7631D6106BE41DDAFD98B923F5C492E8FD7FD6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ISO-8859 text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3313
                                                                                                                                                                                                Entropy (8bit):4.557128068430301
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:a58tiSm9iicC7CRRS9i7cq11iUDcsMLks0h9n:WOi59rcF/Cigq11iUD5MLks0z
                                                                                                                                                                                                MD5:FC605D978E7825595D752DF2EF03F8AF
                                                                                                                                                                                                SHA1:C493C9541CAAEE4BFE3B3E48913FD9DF7809299F
                                                                                                                                                                                                SHA-256:7D697EAA9ACF50FE0B57639B3C62FF02916DA184F191944F49ECA93D0BB3374F
                                                                                                                                                                                                SHA-512:FB811DE6A2B36B28CA904224EA3525124BD4628CA9618C70EB9234AB231A09C1B1F28D9B6301581A4FA2E20F1036D5E1C3D6F1BF316C7FE78EF6EDEAE50EA40E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                                                                                                Preview:Copyright . 1993, 2016, Oracle and/or its affiliates...All rights reserved.....This software and related documentation are provided under a..license agreement containing restrictions on use and..disclosure and are protected by intellectual property laws...Except as expressly permitted in your license agreement or..allowed by law, you may not use, copy, reproduce, translate,..broadcast, modify, license, transmit, distribute, exhibit,..perform, publish, or display any part, in any form, or by..any means. Reverse engineering, disassembly, or..decompilation of this software, unless required by law for..interoperability, is prohibited.....The information contained herein is subject to change..without notice and is not warranted to be error-free. If you..find any errors, please report them to us in writing.....If this is software or related documentation that is..delivered to the U.S. Government or anyone licensing it on..behalf of the U.S. Government, the following notice is..applicable:...
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                Entropy (8bit):4.271470906740504
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:c3AXFshzhRSkv:c9hzhgkv
                                                                                                                                                                                                MD5:67CB88F6234B6A1F2320A23B197FA3F6
                                                                                                                                                                                                SHA1:877ACEBA17B28CFFF3F5DF664E03B319F23767A1
                                                                                                                                                                                                SHA-256:263E21F4B43C118A8B4C07F1A8ACB11CAFC232886834433E34187F5663242360
                                                                                                                                                                                                SHA-512:4D43E5EDECAB92CEBD853204C941327DCCBFD071A71F066C12F7FB2F1B2DEF59C37A15CE05C4FE06EC2EA296B8630C4E938254A8A92E149E4A0A82C4307D648F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                                                                                                Preview:Please refer to http://java.com/license..
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):47
                                                                                                                                                                                                Entropy (8bit):4.2563005536211715
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:c3AXFshzhRSkjn:c9hzhgkjn
                                                                                                                                                                                                MD5:4BDA1F1B04053DCFE66E87A77B307BB1
                                                                                                                                                                                                SHA1:B8B35584BE24BE3A8E1160F97B97B2226B38FA7D
                                                                                                                                                                                                SHA-256:FD475B1619675B9FB3F5CD11D448B97EDDEE8D1F6DDCCA13DED8BC6E0CAA9CF3
                                                                                                                                                                                                SHA-512:997CEE676018076E9E4E94D61EC94D5B69B148B3152A0148E70D0BE959533A13AD0BC1E8B43268F91DB08B881BF5050A6D5C157D456597260A2B332A48068980
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Please refer to http://java.com/licensereadme..
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):111645
                                                                                                                                                                                                Entropy (8bit):4.8590909329531025
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:iiVRF8bLuepEvc5O5YwT3JJ4WOHHA/AFjrlHyEepdfZ9JIH4gDq:dRMiCOjJJ4pg/0Hx9MlZ9KH47
                                                                                                                                                                                                MD5:0E05BD8B9BFCF17F142445D1F8C6561C
                                                                                                                                                                                                SHA1:CF0A9F4040603008891AA0731ABF89CE2403F2FB
                                                                                                                                                                                                SHA-256:C3EA3996241B8E9AE7DB3780E470174076FD2003D8AEFAA77BF0BAB5E04DE050
                                                                                                                                                                                                SHA-512:07C7865D31D22BA0C68E384AFEDC22261F7B3A82BEBC9324145FF7F631623ECA2DC31C71CDBBFC9FEBC1733451A095302DE2A0877821A5B68038E350969BF460
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.DO NOT TRANSLATE OR LOCALIZE....***************************************************************************....%%The following software may be included in this product:..Microsoft DirectShow - Base Classes....Use of any of this software is governed by the terms of the license below:....MSDN - Information on Terms of Use....Updated: February 13, 2008....ON THIS PAGE.... * ACCEPTANCE OF TERMS.. * PRIVACY AND PROTECTION OF PERSONAL INFORMATION.. * NOTICE SPECIFIC TO APIs AVAILABLE ON THIS WEB SITE.. * NOTICE SPECIFIC TO SOFTWARE AVAILABLE ON THIS WEB SITE.. * NOTICE SPECIFIC TO DOCUMENTATION AVAILABLE ON THIS WEB SITE.. * NOTICES REGARDING SOFTWARE, DOCUMENTATION, APIS AND SERVICES AVAILABLE ON..THIS WEB SITE.. * RESERVATION OF RIGHTS.. * MEMBER ACCOUNT, PASSWORD, AND SECURITY.. * NO UNLAWFUL OR PROHIBITED USE.. * USE OF SERVICES.. * MATERIALS PROVIDED TO MICROSOFT OR POSTED AT ANY MICROSOFT WEB SITE.. * NOTICES AND PROCEDURE FOR MAKING CLAIMS OF COP
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):180668
                                                                                                                                                                                                Entropy (8bit):5.064180003233063
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:54ct+BcF1N7m8arf1kHRSusX2NyJ9KH4PF4j52eTjLAzE7GzmCK+XNhalQxkM8QB:N7mtrf1GhMF4j5RMGQoyzaXmR
                                                                                                                                                                                                MD5:0E87879F452892B85C81071A1DDD5A2A
                                                                                                                                                                                                SHA1:2CF97C1A84374A6FBBD5D97FE1B432FA799C3B19
                                                                                                                                                                                                SHA-256:9C18836FD0B5E4B0C57CFFDB74574FA5549085C3B327703DC8EFE4208F4E3321
                                                                                                                                                                                                SHA-512:10BA68FFD9DEAB10A0B200707C3AF9E95E27AED004F66F049D41310CB041B7618EE017219C848912D5951599208D385BCB928DD33175652101C7E5BC2E3EBA5B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:DO NOT TRANSLATE OR LOCALIZE...-----------------------------....%% This notice is provided with respect to ASM Bytecode Manipulation ..Framework v5.0.3, which may be included with JRE 8, and JDK 8, and ..OpenJDK 8.....--- begin of LICENSE ---....Copyright (c) 2000-2011 France T.l.com..All rights reserved.....Redistribution and use in source and binary forms, with or without..modification, are permitted provided that the following conditions..are met:....1. Redistributions of source code must retain the above copyright.. notice, this list of conditions and the following disclaimer.....2. Redistributions in binary form must reproduce the above copyright.. notice, this list of conditions and the following disclaimer in the.. documentation and/or other materials provided with the distribution.....3. Neither the name of the copyright holders nor the names of its.. contributors may be used to endorse or promote products derived from.. this software without specific prior written
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):983
                                                                                                                                                                                                Entropy (8bit):5.135635144562017
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:+STATDcxWpAVjXQ5cjaJ2gjQo4OSED6R8R/TtDpM:+STATD7pqjXBeJdso4OnxRc
                                                                                                                                                                                                MD5:3CB773CB396842A7A43AD4868A23ABE5
                                                                                                                                                                                                SHA1:ACE737F039535C817D867281190CA12F8B4D4B75
                                                                                                                                                                                                SHA-256:F450AEE7E8FE14512D5A4B445AA5973E202F9ED1E122A8843E4DC2D4421015F0
                                                                                                                                                                                                SHA-512:6058103B7446B61613071C639581F51718C12A9E7B6ABD3CF3047A3093C2E54B2D9674FAF9443570A3BB141F839E03067301FF35422EB9097BD08020E0DD08A4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<html>..<head>..<title>..Welcome to the Java(TM) Platform..</title>..</head>..<body>....<h2>Welcome to the Java<SUP><FONT SIZE=-2>TM</FONT></SUP> Platform</h2>..<p> Welcome to the Java<SUP><FONT SIZE=-2>TM</FONT></SUP> Standard Edition Runtime .. Environment. This provides complete runtime support for Java applications. ..<p> The runtime environment includes the Java<SUP><FONT SIZE=-2>TM</FONT></SUP> .. Plug-in product which supports the Java environment inside web browsers. ..<h3>References</h3>..<p>..See the <a href="http://download.oracle.com/javase/7/docs/technotes/guides/plugin/">Java Plug-in</a> product..documentation for more information on using the Java Plug-in product...<p> See the <a href=.."http://www.oracle.com/technetwork/java/javase/overview/"..>Java Platform</a> web site for .. more information on the Java Platform. ..<hr>..<font size="-2">..Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved...</font>..<p>..</body>..</html>..
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14912
                                                                                                                                                                                                Entropy (8bit):6.141852308272967
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:7pQMhM63XLPVT6MsMPapRuBUEp7nYe+PjPriT0fwtK:7muL7PV4aapRuBTp7nYPLr7J
                                                                                                                                                                                                MD5:D63933F4E279A140CC2A941CCFF38348
                                                                                                                                                                                                SHA1:75169BE2E9BCFE20674D72D43CA6E2BC4A5A9382
                                                                                                                                                                                                SHA-256:532D049E0D7A265754902C23B0F150D665A78A3D6FE09AD51C9BE8C29D574A3D
                                                                                                                                                                                                SHA-512:D7A5023A5EB9B0C3B2AD6F55696A166F07FA60F9D1A12D186B23AAAACC92EF948CB5DFFA013AFC90C4BBE3DE077D591185902384F677D0BAE2FF7CFD5DB5E06C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                • Filename: Confirm Me.exe, Detection: malicious
                                                                                                                                                                                                • Filename: PInstaller.exe, Detection: malicious
                                                                                                                                                                                                • Filename: 123.sfx.exe, Detection: malicious
                                                                                                                                                                                                • Filename: EYOFFTITMDLXZJFFCCGFDTBIY.msi, Detection: malicious
                                                                                                                                                                                                • Filename: SSCBOLGZFXVJMEICRNQMJOCDIF.msi, Detection: malicious
                                                                                                                                                                                                • Filename: BOCTGZXINFFCD20242108.msi, Detection: malicious
                                                                                                                                                                                                • Filename: PGCTGZXFCD20242008.msi, Detection: malicious
                                                                                                                                                                                                • Filename: CloudInstaller.zip, Detection: malicious
                                                                                                                                                                                                • Filename: uChcvn3L6R.exe, Detection: malicious
                                                                                                                                                                                                • Filename: uChcvn3L6R.exe, Detection: malicious
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14912
                                                                                                                                                                                                Entropy (8bit):6.1347115439165085
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:0Usw4DPU3XLPVT6GsKOhWIutUinYe+PjPriT0fwyI8:ew7PVIKyWIutDnYPLr728
                                                                                                                                                                                                MD5:B4EB9B43C293074406ADCA93681BF663
                                                                                                                                                                                                SHA1:16580FB7139D06A740F30D34770598391B70AC96
                                                                                                                                                                                                SHA-256:8CD69AF7171F24D57CF1E6D0D7ACD2B35B4EA5FDF55105771141876A67917C52
                                                                                                                                                                                                SHA-512:A4E999E162B5083B6C6C3EAFEE4D84D1EC1C61DCA6425F849F352FFDCCC2E44DFEE0625C210A8026F9FF141409EEBF9EF15A779B26F59B88E74B6A2CE2E82EF9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):128064
                                                                                                                                                                                                Entropy (8bit):6.428684952829155
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:uN77TJSG78+5Orcj5K/e2Hrgc6kZAn1yEkBKMKy1Zf22QYHJiuzTl8ShzzM+64mn:uNXd178+5fJZnQLo
                                                                                                                                                                                                MD5:2F808ED0642BD5CF8D4111E0AF098BBB
                                                                                                                                                                                                SHA1:006163A07052F3D227C2E541691691B4567F5550
                                                                                                                                                                                                SHA-256:61DFB6126EBA8D5429F156EAAB24FF30312580B0ABE4009670F1DD0BC64F87BB
                                                                                                                                                                                                SHA-512:27DBDA3A922747A031FF7434DE5A596725FF5AE2BC6DD83D6D5565EB2BA180B0516896323294459997B545C60C9E06DA6C2D8DD462A348A6759A404DB0F023A7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):127552
                                                                                                                                                                                                Entropy (8bit):6.413283221897154
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:SdQ4jWJt4XChlFavveKSQ4gHK/e2Hrgc6kZAn1y1koKMKy1Zf22QYHJiuzTl8ShM:Sy4SJ1TFavvehc7ZnwEr
                                                                                                                                                                                                MD5:C3DED5F41E28FAF89338FB46382E4C3E
                                                                                                                                                                                                SHA1:6F77920776D39550355B146D672C199A3941F908
                                                                                                                                                                                                SHA-256:4691603DFABE6D7B7BEAC887DADC0E96243C2FF4F9A88CE3793E93356C53AA08
                                                                                                                                                                                                SHA-512:23621F2856899F40CFA9858DC277372BFE39F0205377543EB23E94422D479A53FDF664F4A9A4515C2285811F01D91AB64A834A03A4D3AB0CB7D78F8AF11135FF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):97856
                                                                                                                                                                                                Entropy (8bit):6.467907542894502
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:/fHGbDtpt+WfGegcX30EJ4YHiYmRkgAPe+GP8uWg1kQOPt:/w2WfGe/30EWbY4Z+GpWuHOPt
                                                                                                                                                                                                MD5:F78D2BF2C551BE9DF6A2F3210A2964C1
                                                                                                                                                                                                SHA1:B6A4160ECA4C0D0552234FF69BCFDF45F0A2A352
                                                                                                                                                                                                SHA-256:9D18E5421A8606985FA54D7CEA921D1B8930358A2E4CDF5FDF2A8B3E4D857288
                                                                                                                                                                                                SHA-512:AAC8622683BE57518F8B03198A03BF1F760E082692C1FB6252E96CDBA19D3CEB0A6786CCBD7B98830E865297308FA99DBBEA464E41041ABDDA18AEB862BA993F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):95808
                                                                                                                                                                                                Entropy (8bit):6.48897048228647
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:EHSB4i2hJwZaDEoDVzkhbyJCAqn9nV+1vkJnHBoY8BK5Hj:EJJwZWEoDVYby81yiBovkHj
                                                                                                                                                                                                MD5:E5A6231FE1E6FEC5F547DFD845D209BC
                                                                                                                                                                                                SHA1:3F21F90ECC377B6099637D5B59593D2415450D45
                                                                                                                                                                                                SHA-256:51355EA8A7DC238483C8069361776103779CE9FE3CD0267770E321E6E4368366
                                                                                                                                                                                                SHA-512:D5D20DF0089F3217B627D39ABD57C61E026D0DC537022FB698F85FA6893C7FA348C40295DEEC78506F0EF608827D39E2F6F3538818BA25E2A0EE1145FCC95940
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1182272
                                                                                                                                                                                                Entropy (8bit):6.63089480914076
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:68M4H6ioDs5FELnSbY6Ck2IlAnVCXQlFg3:9eaGnkXQlFQ
                                                                                                                                                                                                MD5:159CCF1200C422CED5407FED35F7E37D
                                                                                                                                                                                                SHA1:177A216B71C9902E254C0A9908FCB46E8D5801A9
                                                                                                                                                                                                SHA-256:30EB581C99C8BCBC54012AA5E6084B6EF4FCEE5D9968E9CC51F5734449E1FF49
                                                                                                                                                                                                SHA-512:AB3F4E3851313391B5B8055E4D526963C38C4403FA74FB70750CC6A2D5108E63A0E600978FA14A7201C48E1AFD718A1C6823D091C90D77B17562B7A4C8C40365
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15424
                                                                                                                                                                                                Entropy (8bit):6.380726588633652
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:1Td3hw/L3kKLnYgIOGOOssnPV5Lnf6onYPLr7EbH:1zw/bkKLt7KnddnfPC7S
                                                                                                                                                                                                MD5:A46289384F76C2A41BA7251459849288
                                                                                                                                                                                                SHA1:4D8EF96EDBE07C8722FA24E4A5B96EBFA18BE2C4
                                                                                                                                                                                                SHA-256:728D64BC1FBF48D4968B1B93893F1B5DB88B052AB82202C6840BF7886A64017D
                                                                                                                                                                                                SHA-512:34D62BEB1FA7D8630F5562C1E48839CE9429FAEA980561E58076DF5F19755761454EEB882790EC1035C64C654FC1A8CD5EB46ECA12E2BC81449ACBB73296C9E8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1447
                                                                                                                                                                                                Entropy (8bit):4.228834598358894
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:+3AKdmzfuv6pBSyGJkR/4o6kn2SRGehD+GrspGC/hLRra:BzMUBLGJkBA+RGeV+GrspGC/TO
                                                                                                                                                                                                MD5:F4188DEB5103B6D7015B2106938BFA23
                                                                                                                                                                                                SHA1:8E3781A080CD72FDE8702EB6E02A05A23B4160F8
                                                                                                                                                                                                SHA-256:BD54E6150AD98B444D5D24CEA9DDAFE347ED11A1AAE749F8E4D59C963E67E763
                                                                                                                                                                                                SHA-512:0BE9A00A48CF8C7D210126591E61531899502E694A3C3BA7C3235295E80B1733B6F399CAE58FB4F7BFF2C934DA7782D256BDF46793F814A5F25B7A811D0CB2E3
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview: -Xmixed mixed mode execution (default).. -Xint interpreted mode execution only.. -Xbootclasspath:<directories and zip/jar files separated by ;>.. set search path for bootstrap classes and resources.. -Xbootclasspath/a:<directories and zip/jar files separated by ;>.. append to end of bootstrap class path.. -Xbootclasspath/p:<directories and zip/jar files separated by ;>.. prepend in front of bootstrap class path.. -Xnoclassgc disable class garbage collection.. -Xincgc enable incremental garbage collection.. -Xloggc:<file> log GC status to a file with time stamps.. -Xbatch disable background compilation.. -Xms<size> set initial Java heap size.. -Xmx<size> set maximum Java heap size.. -Xss<size> set java thread stack size.. -Xprof output cpu profiling data.. -Xfuture enable strictest checks, an
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3857984
                                                                                                                                                                                                Entropy (8bit):6.850425436805504
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:98304:GyXul1SNceWfkD000V3wnIACM7g6cv/GZ:Q1SgfEP0ZwnIA97dcv/GZ
                                                                                                                                                                                                MD5:39C302FE0781E5AF6D007E55F509606A
                                                                                                                                                                                                SHA1:23690A52E8C6578DE6A7980BB78AAE69D0F31780
                                                                                                                                                                                                SHA-256:B1FBDBB1E4C692B34D3B9F28F8188FC6105B05D311C266D59AA5E5EC531966BC
                                                                                                                                                                                                SHA-512:67F91A75E16C02CA245233B820DF985BD8290A2A50480DFF4B2FD2695E3CF0B4534EB1BF0D357D0B14F15CE8BD13C82D2748B5EDD9CC38DC9E713F5DC383ED77
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):142912
                                                                                                                                                                                                Entropy (8bit):7.350682736920136
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:aoGzTjLkRPQ9U9NuLqcNicj5ojGylYCE2Iu2jGLF5A9bE8LUekfCz:LGz/oRPGLJN1IGgYCE2L1F5A9bEGUeR
                                                                                                                                                                                                MD5:4BDC32EF5DA731393ACC1B8C052F1989
                                                                                                                                                                                                SHA1:A677C04ECD13F074DE68CC41F13948D3B86B6C19
                                                                                                                                                                                                SHA-256:A3B35CC8C2E6D22B5832AF74AAF4D1BB35069EDD73073DFFEC2595230CA81772
                                                                                                                                                                                                SHA-512:E71EA78D45E6C6BD08B2C5CD31F003F911FD4C82316363D26945D17977C2939F65E3B9748447006F95C3C6653CE30D2CDA67322D246D43C9EB892A8E83DEB31A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):64064
                                                                                                                                                                                                Entropy (8bit):6.338192715882019
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:Skh2CQuUlng7qkKi5iO8pm8cN9qOU33oit:Skkhu0nTli5jN8cNAOUHnt
                                                                                                                                                                                                MD5:B04ABE76C4147DE1D726962F86473CF2
                                                                                                                                                                                                SHA1:3104BADA746678B0A88E5E4A77904D78A71D1AB8
                                                                                                                                                                                                SHA-256:07FF22E96DCFD89226E5B85CC07C34318DD32CDA23B7EA0474E09338654BFEB3
                                                                                                                                                                                                SHA-512:2E4E2FEB63B6D7388770D8132A880422ABF6A01941BFF12CAD74DB4A641BDA2DCC8BF58F6DAE90E41CC250B79E7956DDF126943E0F6200272F3376A9A19505F1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):453184
                                                                                                                                                                                                Entropy (8bit):6.516599034237354
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:3J/sbugq7rm5zX2JDYfiA9+wvpsEWcIGnFm8iTFOBITfnvxIW1x8:3JUbzq+5zX25qvdfnFm88nvq+x8
                                                                                                                                                                                                MD5:5EDAEFFC60B5F1147068E4A296F6D7FB
                                                                                                                                                                                                SHA1:7D36698C62386449A5FA2607886F4ADF7FB3DEEF
                                                                                                                                                                                                SHA-256:87847204933551F69F1CBA7A73B63A252D12EF106C22ED9C561EF188DFFCBAE8
                                                                                                                                                                                                SHA-512:A691EF121D3AC17569E27BB6DE4688D3506895B1A1A8740E1F16E80EEFCE70BA18B9C1EFD6FD6794FAFC59BA2CAF137B4007FCDC65DDB8BCBFCF42C97B13535B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):25152
                                                                                                                                                                                                Entropy (8bit):6.627329311560644
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:0mgNWEfK0RiC4qxJL8VI6ZEPG5Vv/11nYPLr7N:H6WmK0RiSxJ4VI6W+zbC7N
                                                                                                                                                                                                MD5:72B7054811A72D9D48C95845F93FCD2C
                                                                                                                                                                                                SHA1:D25F68566E11B91C2A0989BCC64C6EF17395D775
                                                                                                                                                                                                SHA-256:D4B63243D1787809020BA6E91564D17FFEA4762AF99201E241F4ECD20108D2E8
                                                                                                                                                                                                SHA-512:C6A16DAAF856939615DFDE8E9DBE9D5BFC415507011E85E44C6BF88B17B705C35CD7CED8EDA8F358745063F41096938D128DEE17E14FE93252E5B046BDFCDDC0
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):21568
                                                                                                                                                                                                Entropy (8bit):6.601333059222365
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:QwiAYZIxsQbbRLEs5Ltd7rpPVJfq0nYPLr7Ko+:BiPZj+bVEmtd7rpdJfnC7J+
                                                                                                                                                                                                MD5:73603BF0DC85CAA2F4C4A38B9806EC82
                                                                                                                                                                                                SHA1:74EBC4F158936842840973F54AF50CDF46BC9096
                                                                                                                                                                                                SHA-256:39EF85AB21F653993C8AAAB2A487E8909D6401A21F27CBA09283B46556FB16AF
                                                                                                                                                                                                SHA-512:5C238D677D458D5B7D43FA3FF424E13B62ABFCEDE66D55E3112DC09BF2F7B640EB8F82D00E41A2C7A7E7B36E3FCE3C2DCB060037314418D329466CC462D0BF71
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):827456
                                                                                                                                                                                                Entropy (8bit):6.022966185458799
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:E0NweWDjb28WNjE/lBy/pUbS3lYMpQIRrAOh3:7Wb5By/pUbouAQIRHh3
                                                                                                                                                                                                MD5:E741028613B1FC49EC5A899BE6E3FC34
                                                                                                                                                                                                SHA1:9EAE3D3CA22E92A925395A660B55CECB2EB62D54
                                                                                                                                                                                                SHA-256:9163A546696E581D443B3A6250F61E5368BE984C69ADFB54EE2B0E51D0FA008E
                                                                                                                                                                                                SHA-512:05C6CE707F4F0F415E74D32F1AACEC7E2C7746C3D04C75502EAECAFAF9E0108CE6206A8A3939C92EDCE449FFC0A68FB4389EDAA93D61920D1EC85327D1B3A55A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):907328
                                                                                                                                                                                                Entropy (8bit):6.160830535423145
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:ZyWOeRjqm9ZRI+Ga+fme7CV93+x6FQ3ge:VRAeMme7kA6F6ge
                                                                                                                                                                                                MD5:4FD3548990CAF9771B688532DEF5DE48
                                                                                                                                                                                                SHA1:567C27A4EA16775085D8E87A38FE58BEC4463F7D
                                                                                                                                                                                                SHA-256:BDE5DF7BCFC35270B57A8982949BF5F25592A2E560A04E9868B84BEF83A0EA4B
                                                                                                                                                                                                SHA-512:FD2CF2072A786293E30CD495BA06F4734F0CEA63CBC49B6D7A24F6891612375E48D1B5758D9408625E769E8A81C7C34F04278E011BCF47EDEB8C2AFC13AEC20C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):109120
                                                                                                                                                                                                Entropy (8bit):5.986571003903383
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:LE9WcstxlDgZ9EYDKg0nc6N3MR+EpOB+o+5PVT/B:ghspgZPDanhs+EpOBF+5PFB
                                                                                                                                                                                                MD5:A5455B9BEB5672D89B1F0FCFAA4C79CA
                                                                                                                                                                                                SHA1:9C7DBB5AD1CB3EBE7347A9CDDD80389902DA81EC
                                                                                                                                                                                                SHA-256:89A429889DCD0F6A3FE56217A0FEB5912132AAB2817643021EAE3716DA533D4A
                                                                                                                                                                                                SHA-512:131866A4754F4AF78A94F0776815E7EA4375736A4B11A723B87A4436FA101D271FFE14E4B49D3AB1AE2FA61CDBDED0C3D174C75327BE3C24E0E4CC39AFFA9469
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):223296
                                                                                                                                                                                                Entropy (8bit):6.501845596055873
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:8P8OC0xbNXLJAEh4hijzud6kAgZkFGMReiDfbgOBI1:8P8OC0xbNXLJAEh4hijzud6kAgYGSA
                                                                                                                                                                                                MD5:9D5EDECF7E33DDD0E2A6A0D34FC12CA1
                                                                                                                                                                                                SHA1:FC228A80FF85D78AA5BFBA2515EFED3257B9B009
                                                                                                                                                                                                SHA-256:6D817519C2E2EFDD3986EB655C1F687D4774730AB20768DF1C0AAEF03B110965
                                                                                                                                                                                                SHA-512:B4D58D3415D0255DCD87EF413762BC0F2934AAA6C8151344266949D3DD549ABDCA1366FA751A988CDDC1430EBF5D17668ADF02096DD4D5EAFE75604C0DA0B4C9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):151104
                                                                                                                                                                                                Entropy (8bit):6.548096027649263
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:PPuiQNBInyjJ2y53/5d8n9e/ry7zOAHpyWWJd1u2TeKSNlGFGZQfVN2:iBInu2y5P5dkeDy7zOUpLJ2mHZQf2
                                                                                                                                                                                                MD5:7A710F90A74981C2F060FA361D094822
                                                                                                                                                                                                SHA1:FBDCA4E3F19AD5201572974E3C772A3C2694FBB3
                                                                                                                                                                                                SHA-256:9BC52058C02E0C87A6A9470C62D1AA4F998942CC00F99A82E7805E87D958BC16
                                                                                                                                                                                                SHA-512:928708DFF6A372BA997C072238823469CBFD28CCBB17A723AD35F851D35C6EFF82748AA41A9215955B9536A14AA57D47ABE0F1BA00D11F8D920A57F91B7A35E5
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):200768
                                                                                                                                                                                                Entropy (8bit):6.431501859060678
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:lC0MaRHVsSduCCkNlKpR1FHNnuNcCwJPT54l2B3Fzkmldrz5ZD9hYJOj9T3iRK:s0XR1sYtxgGl2B3uWjhYJOj9TSY
                                                                                                                                                                                                MD5:434CBB561D7F326BBEFFA2271ECC1446
                                                                                                                                                                                                SHA1:3D9639F6DA2BC8AC5A536C150474B659D0177207
                                                                                                                                                                                                SHA-256:1EDD9022C10C27BBBA2AD843310458EDAEAD37A9767C6FC8FDDAAF1ADFCBC143
                                                                                                                                                                                                SHA-512:9E37B985ECF0B2FEF262F183C1CD26D437C8C7BE97AA4EC4CD8C75C044336CC69A56A4614EA6D33DC252FE0DA8E1BBADC193FF61B87BE5DCE6610525F321B6DC
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):400960
                                                                                                                                                                                                Entropy (8bit):6.165546757090391
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:vxDvEpBGH7t7PB7Es7va/QdqOBYswIprNWhk+URpxfu4w7J:tvEpBGH7pN57vwQd6swIp5WhkRlfu4CJ
                                                                                                                                                                                                MD5:767BBA46789597B120D01E48A685811E
                                                                                                                                                                                                SHA1:D2052953DDE6002D590D0D89C2A052195364410A
                                                                                                                                                                                                SHA-256:218D349986E2A0CD4A76F665434F455A8D452F1B27EAF9D01A120CB35DA13694
                                                                                                                                                                                                SHA-512:86F7F7E87514DBC62C284083D66D5F250A24FC5CD7540AF573C3FB9D47B802BE5FFBBC709B638F8E066AB6E4BB396320F6E65A8016415366799C74772398B530
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):514112
                                                                                                                                                                                                Entropy (8bit):6.805344203686025
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:Y5JbfdT5NYGe8m51QSWvopH1kdMDbA2ZoNnYX:Y5JV7eB3KopvnAe2YX
                                                                                                                                                                                                MD5:8D0CE7151635322F1FE71A8CEA22A7D6
                                                                                                                                                                                                SHA1:81E526D3BD968A57AF430ABB5F55A5C55166E579
                                                                                                                                                                                                SHA-256:43C2AC74004F307117D80EE44D6D94DB2205C802AE6F57764810DEE17CFC914D
                                                                                                                                                                                                SHA-512:3C78C0249B06A798106FEAF796AA61D3A849F379BD438BF0BB7BFED0DC9B7E7EA7DE689BC3874ED8B97FF2B3BA40265DED251896E03643B696EFDBF2E01AC88C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):132672
                                                                                                                                                                                                Entropy (8bit):6.708436670828807
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:HGBc2vf2AWlvx+Kre9vVv3CoLORljxWEXyB/NK3GyNf9:mxvffVvyo0X8NKW+1
                                                                                                                                                                                                MD5:6376B76728E4A873B2BB7233CBCD5659
                                                                                                                                                                                                SHA1:3BE08074527D5B5BC4A1DDCEC41375E3B3A8A615
                                                                                                                                                                                                SHA-256:4FDF86D78ABC66B44B8AFF4BBCE1F2A5D6D9900767BE3CAAE450409924DBC5AD
                                                                                                                                                                                                SHA-512:955E7C5AB735183B491A753710B6F598A142A2876DDAE5AD301C3DA82A65CE82238E0F20C9F558F80138D58F8DC00B4EBD21483CEED0AABEEDA32CCA5D2E3D48
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):115776
                                                                                                                                                                                                Entropy (8bit):6.787384437276838
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:0LHPDcdivqC4xMfl/hAxfZ/t0QHQIM7iVxoQCpGlyir0wIOfnToIfemrVZQirM:0rPDco4xMNEfZ1LQG4igmvTBfem7QcM
                                                                                                                                                                                                MD5:AB6ED0CFD0C52DBEDE1BE910EFA8A89B
                                                                                                                                                                                                SHA1:83CBC2746A50C155261407ECE3D7A5C58AAD0437
                                                                                                                                                                                                SHA-256:8A6FBB08E0F418A3BB80CC65233E7270C820741DD57525ED7FD3CC479A49396E
                                                                                                                                                                                                SHA-512:41773183FC20E42BF208064163AA55658692B9221560146E4F6A676F96FC76541ED82F1EFDFA31F8C25BA42F271F7D9087DE681DA937BBF0EB2C781E027F1218
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):16448
                                                                                                                                                                                                Entropy (8bit):6.490137326885244
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:WCMJqfiSZzDonPV5TyVIbb8nYPLr7VblXT:WLJqrNkndQIsC7Vhj
                                                                                                                                                                                                MD5:1F004C428E01F8BEB07B52EB9659A661
                                                                                                                                                                                                SHA1:4D6AAB306CB1F4925890BF69FCDF32BBFE942B81
                                                                                                                                                                                                SHA-256:1BDEFECDF8CFA3F6DA606AD4D8BD98EC81E4A244D459A141723CCB9DC47E57CB
                                                                                                                                                                                                SHA-512:61888A778394950D2840E4D211196FFE1CB18FA45D092CBADBEDF2809BDED3D4421330CFE95392DD098E4AE3F6F8A3070E273FFCA2FB495C43C76332CA331DBF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):51264
                                                                                                                                                                                                Entropy (8bit):6.576803205025954
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:urOHh9t7/GAzqHcGxAARrZT9ixHDyo/r0rV9LrBH1bjPEwhEdheBwHWQFgE/XudL:G+9t7/qHcGHuy/pb
                                                                                                                                                                                                MD5:3A744B78C57CFADC772C6DE406B6B31E
                                                                                                                                                                                                SHA1:A89BF280453C0BCF8C987B351C168AEB3D7F7141
                                                                                                                                                                                                SHA-256:629393079539B1B9849704CE4757714D1CBE5C80E82C6BB3BC4445F4854EFA7B
                                                                                                                                                                                                SHA-512:506A147F33C09FA7338E0560F850E42139D0875EF48C297DDB3CC3A29F12822011915FACCB21DA908CF51A462F0EBA56B6B37C71D9C0F842BDE4A697FB4FFB64
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):19520
                                                                                                                                                                                                Entropy (8bit):6.452867740862137
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:45kF/QP8xkI6hgWIE0PVlyJSZ9nYPLr7+:4SqP7I6rkd4EfC7+
                                                                                                                                                                                                MD5:503275E515E3F2770A62D11E386EADBF
                                                                                                                                                                                                SHA1:C7BE65796AA0E490779F202C67EEC5E9FBB65113
                                                                                                                                                                                                SHA-256:97B5D1C8E7AAACE5C86A418CB7418D3B0BA4F5E178DE3CF1031029F7F36832AF
                                                                                                                                                                                                SHA-512:AC7C0CB626C2D821F0F4E392EE4E02C9E0093F019AA5B2947E0C7B3290A0098A3D9BB803AB44FD304CA1F1D272CFB7B775E3C75C72C7523FF7240F38440CFC3C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):30784
                                                                                                                                                                                                Entropy (8bit):6.413942547146628
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:+HhfWinfwUFAvnb5TIUX+naSOu9MQQ5jhC7EY:cuin5FAvNTIUX+nbMQQ54EY
                                                                                                                                                                                                MD5:530D5597E565654D378F3C87654CCABA
                                                                                                                                                                                                SHA1:6FAC0866EE0E68149AC0A0D39097CEF8F93A5D9E
                                                                                                                                                                                                SHA-256:0CFAA99AE669DDC00BD59B5857F725DFF5D4C09834E143AB1B5C5F0B5801D13B
                                                                                                                                                                                                SHA-512:D7520A28C3054160FCD62C9D816A27266BE9333E00794434FB4529F0FF49A2B08E033B5E67A823E5C184EE2D19D7F615FF9EE643FE71C84011A7E5C03251F3B4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15936
                                                                                                                                                                                                Entropy (8bit):6.466457942735197
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:GpsbHnDiW6gejmSHhV8cGees7snYPLr7Wj53:GpsbHn/HS/8cresgC743
                                                                                                                                                                                                MD5:CF2F023D2B5F0BFB2ECF8AEEA7C51481
                                                                                                                                                                                                SHA1:6EB867B1AC656A0FC363DFAE4E2D582606D100FB
                                                                                                                                                                                                SHA-256:355366D0C7D7406E2319C90DF2080C0FAE72D9D54E4563C48A09F55CA68D6B0C
                                                                                                                                                                                                SHA-512:A2041925039238235ADC5FE8A9B818DFF577C6EA3C55A0DE08DA3DEDD8CD50DC240432BA1A0AEA5E8830DCDCCD3BFBF9CF8A4F21E9B56DC839E074E156FC008D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):126528
                                                                                                                                                                                                Entropy (8bit):6.8082748642937725
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:Kw2b3Kr+uWU9XzFhziJ1TBZAhsIn/B9NZwMgjeNXLD:43KFFheLCBpV/
                                                                                                                                                                                                MD5:73BD0B62B158C5A8D0CE92064600620D
                                                                                                                                                                                                SHA1:63C74250C17F75FE6356B649C484AD5936C3E871
                                                                                                                                                                                                SHA-256:E7B870DEB08BC864FA7FD4DEC67CEF15896FE802FAFB3009E1B7724625D7DA30
                                                                                                                                                                                                SHA-512:EBA1CF977365446B35740471882C5209773A313DE653404A8D603245417D32A4E9F23E3B6CD85721143D2F9A0E46ED330C3D8BA8C24AEE390D137F9B5CD68D8F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):191040
                                                                                                                                                                                                Entropy (8bit):6.75061028420578
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:iUJiEoGLsncZizZQ7QBdCPdG3TBfMzrjZqMNGSplN2:iUJsnVzy7QBdC1G3TBEvFp6
                                                                                                                                                                                                MD5:E3E51A21B00CDDE757E4247257AA7891
                                                                                                                                                                                                SHA1:7F9E30153F1DF738179FFF084FCDBC4DAE697D18
                                                                                                                                                                                                SHA-256:7E92648B919932C0FBFE56E9645D785D9E18F4A608DF06E7C0E84F7CB7401B54
                                                                                                                                                                                                SHA-512:FC2981A1C4B2A1A3E7B28F7BF2BE44B0B6435FD43F085120946778F5C2C2CA73AD179796DEC0B92F0C6C8F6B63DD329EECC0AF1BB15392364C209DCF9CD6F7CA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):23616
                                                                                                                                                                                                Entropy (8bit):6.620094371728742
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:Qp2dG5pC/ujTc8ZrEnrZm8WXLFnPV52WZQAnYPLr7lOGa:uvCGjJ0Q9ndRZdC71a
                                                                                                                                                                                                MD5:1C47DD47EBD106C9E2279C7FCB576833
                                                                                                                                                                                                SHA1:3BA9B89D9B265D8CEC6B5D6F80F7A28D2030A2D1
                                                                                                                                                                                                SHA-256:58914AD5737F2DD3D50418A89ABBB7B30A0BD8C340A1975197EEA02B9E4F25B2
                                                                                                                                                                                                SHA-512:091F50B2E621ED80BAFE2541421906DE1BCC35A0E912055B93E40CD903BE8B474103C0D8FECDF46E7F2F3C44BDADE64A857AB2B9CB5404306055150EE4ED002A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):160256
                                                                                                                                                                                                Entropy (8bit):6.469497559123052
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:a2lpElIhbyyH3c1CX766zKELxKvFaPSnjZqMNJlGle:a2rE+xdW+76DEVKv8wv
                                                                                                                                                                                                MD5:4E3C37A4DE0B5572D69AD79B7A388687
                                                                                                                                                                                                SHA1:6B274E166641F9CE0170E99FE2D1F4319B75A9E8
                                                                                                                                                                                                SHA-256:893A86E7B1DE81DEDAB4794732FCCD02790756A2DBE4815C102F039088DFCBD2
                                                                                                                                                                                                SHA-512:8352A1CD859D17A27560448C6FFB0E8200096CAC744C8BB56330397FDE0B7F702E2295999D89FBAD74DF72DF200C391113A23A9B4342ABAC738167967533F9CD
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):70208
                                                                                                                                                                                                Entropy (8bit):6.353501201479367
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:jFVfr2k521ZnrawwMmqPXt+rP3b/9/YMCxx0OpPOrEE14EVHLAuDeGJiqrmehiV9:PxioMmqF+2x0MORLVq7qjh3rmKPNpwGg
                                                                                                                                                                                                MD5:C2A59C7343D370BC57765896490331E5
                                                                                                                                                                                                SHA1:A50AF979E08A65EB370763A7F70CDB0E179D705D
                                                                                                                                                                                                SHA-256:40614FE8B91E01AD3562102E440BDBF5FAC5D9F7292C6B16A58F723BFFFE6066
                                                                                                                                                                                                SHA-512:CA266F1B2E51F66D119E2D71E3377C229A3D583853FFB606C101AFEB41689ACE7D1F1594781091DA67F9BE9D09F3019BF048C0F819777E8F1827A56BEEC252C4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):57408
                                                                                                                                                                                                Entropy (8bit):6.6711491011490285
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:f6arRmcnq2lxm+Na6C7HIT6T8E2pLSSm3:fzm+q7HITS8E2pLSSA
                                                                                                                                                                                                MD5:AEADA06201BB8F5416D5F934AAA29C87
                                                                                                                                                                                                SHA1:35BB59FEBE946FB869E5DA6500AB3C32985D3930
                                                                                                                                                                                                SHA-256:F8F0B1E283FD94BD87ABCA162E41AFB36DA219386B87B0F6A7E880E99073BDA3
                                                                                                                                                                                                SHA-512:89BAD9D1115D030B98E49469275872FFF52D8E394FE3F240282696CF31BCCF0B87FF5A0E9A697A05BEFCFE9B24772D65ED73C5DBD168EED111700CAAD5808A78
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):446528
                                                                                                                                                                                                Entropy (8bit):6.603555069382601
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:RreTVhY4gXwLR4YS+OX3kQg4O5kM2LY58gwDTxXvwGSelo:Rr4VhyK7eTxXvwelo
                                                                                                                                                                                                MD5:8AE40822B18B10494527CA3842F821D9
                                                                                                                                                                                                SHA1:202DFFA7541AD0FAD4F0D30CEE8C13591DCA5271
                                                                                                                                                                                                SHA-256:C9742396B80A2241CE5309C388B80000D0786A3CAB06A37990B7690FD0703634
                                                                                                                                                                                                SHA-512:AA324A265639C67843B4BF6828029B413044CBE4D7F06A253B78B060EA554FECC6E803D59D03742C485B2EB3D52E5C0A44928DCC927501F413EE4664BB8A11F5
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):126016
                                                                                                                                                                                                Entropy (8bit):6.608910794554507
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:oOxjjADzd+aeaPB9JhjxkM2wzGdXJbD/jn8Y6:ocKzeaPB9JhjxknwzG5JbDb8F
                                                                                                                                                                                                MD5:01706B7997730EAA9E2C3989A1847CA6
                                                                                                                                                                                                SHA1:7CEAD73CBE94E824FA5E44429B27069384BFDB41
                                                                                                                                                                                                SHA-256:20533C66C63DA6C2D4B66B315FFCF5C93AE5416E3DAE68CDD2047EFE7958AB3A
                                                                                                                                                                                                SHA-512:3272C8DE6C32D53372D481441DA81AE2B6EA02E8360B23D7F793B24827BD683A6604F43BE18CE2BEE40038FBE7D5F7AF78B2C465A51F82478D881DBEB5744DC2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):191552
                                                                                                                                                                                                Entropy (8bit):6.744419946343284
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:lScg0xvhTZNIs3Ft+STckCBQo3C0Y22vncTBfsO9jZqMN3cH1Tefqk:lSclI6nTc3BQo3C0YHncTBxvs65
                                                                                                                                                                                                MD5:48C96771106DBDD5D42BBA3772E4B414
                                                                                                                                                                                                SHA1:E84749B99EB491E40A62ED2E92E4D7A790D09273
                                                                                                                                                                                                SHA-256:A96D26428942065411B1B32811AFD4C5557C21F1D9430F3696AA2BA4C4AC5F22
                                                                                                                                                                                                SHA-512:9F891C787EB8CEED30A4E16D8E54208FA9B19F72EEEC55B9F12D30DC8B63E5A798A16B1CCC8CEA3E986191822C4D37AEDB556E534D2EB24E4A02259555D56A2C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):269888
                                                                                                                                                                                                Entropy (8bit):6.418120581797452
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:Fp9B0qT85g5Sq+VBY2qVLC2wH5rM8HoQvlHO:5uqT85sSq+ERVm2wZEQvlHO
                                                                                                                                                                                                MD5:F8211DB97BF852C3292C3E9C710C19D9
                                                                                                                                                                                                SHA1:46DAD07779E030D8D1214AFE11C4526D9F084051
                                                                                                                                                                                                SHA-256:ECF4307739CA93F1569CE49377A28B31FE1EB0F44B6950DBAAFA1925B24C9752
                                                                                                                                                                                                SHA-512:B3E20EECA87136CAE77F06E4149E65EBFEF71A43589F7E2833008FE43811A2BC8B6202B6ADB5CE122A1822E83CE226B833DEF93A2B161476BD5B623794E4F697
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):13888
                                                                                                                                                                                                Entropy (8bit):6.274978807671468
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:ahKnvndLwm3XLPVlD6yTUZnYe+PjPriT0fwdNJLkoRz:a4j7PVl1TAnYPLr7cLka
                                                                                                                                                                                                MD5:0291BA5765EE11F36C0040B1F6E821FB
                                                                                                                                                                                                SHA1:FFE1DCF575CCD0374DF005E9B01D89F6D7095833
                                                                                                                                                                                                SHA-256:F8540BE2BBD5BDE7962D2FE4E7EC9EF9BF53D95B48781AE549AA792F10032485
                                                                                                                                                                                                SHA-512:72ADDC631D8CF064E1B047B51EEF7F306CA959D24ED705065C33EE8DDDF7EA84B95B3DE5B0709015A81D36ACA01E15CE99A354D4069D4D798ED128A6A76D1010
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):163904
                                                                                                                                                                                                Entropy (8bit):6.783788147675078
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:XrQPwE5tlGsXVomHvD+1febSICzqozXtrQwnNZkB+5:XU15tpX9HvsfrTtMwNWBY
                                                                                                                                                                                                MD5:6E08D65F5CBB85E51010F36A84FC181D
                                                                                                                                                                                                SHA1:4EEE8BE68BAAF6320AEA29131A1C0B322F09F087
                                                                                                                                                                                                SHA-256:2D8658909D9E357A4B70FCF862D690EEC82A2F77161ABB021E0839C6A67D4825
                                                                                                                                                                                                SHA-512:DF4494D062E9A8AC82D727D2722DCF32C3FC924FA104F384FA099ADB08ECBDEEA7A19245D779097C0AFCF51F84852328ED595C88380F42BD39560678C8AD9621
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22592
                                                                                                                                                                                                Entropy (8bit):6.620820751411794
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:YL4Z7lZRiY3PB6cGgOp2m1zq2oatSnPV5zYxkpLfsnYPLr7Ybc:E4PZRiY3PB6cVAebaMnd+ypLkC7Cc
                                                                                                                                                                                                MD5:700F5789D2E7B14B2F5DE9FDB755762E
                                                                                                                                                                                                SHA1:F35EDE3441D6E5461F507B65B78664A6C425E9AC
                                                                                                                                                                                                SHA-256:D115EAF96BD41C7A46400DCFF7EF26AC99E3CF7A55A354855C86BAE5C69A895A
                                                                                                                                                                                                SHA-512:664A442DD424CA04AC0CE072B9BBD5EF7C657B59A26403C44A856738F7998466BFE3010825A13451281841D39B0A34D8997EE24497D626EC60C19AA1AF0EE465
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):115264
                                                                                                                                                                                                Entropy (8bit):6.588792190592223
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:2Cgsy+/cydqNiaZr+lOzZPh7/W4MCnc8Ioaa2yFWcC6vsx/8:FZOzZPh7/WSe+S6v+U
                                                                                                                                                                                                MD5:8BC8FE64128F6D79863BC059D9CC0E2E
                                                                                                                                                                                                SHA1:C1F2018F656D5500ACF8FA5C970E51A55004DA2E
                                                                                                                                                                                                SHA-256:B77CD78FF90361E7F654983856EE9697FDC68A0F9081C06207B691B0C9AF1F5D
                                                                                                                                                                                                SHA-512:6771F23ECF1A449EB6B0B394E0F1D3EB17C973FC0544BA25487C92F215ACC234FC31C9B7BE5528EFD06D29A35BB37DD7934318837576862ADFC2631B4D610A24
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):33934912
                                                                                                                                                                                                Entropy (8bit):6.35314231534845
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:393216:VJ8d7SMzwH5R2sdDcBwHHdI4DKRlDsqXCagQZhzvilh2Wlq7ODI:VJ8d7zzUesdDtevn
                                                                                                                                                                                                MD5:4D857A5FC9CA16D2A67872FACCF85D9F
                                                                                                                                                                                                SHA1:EAEB632E526EFA946E4DB1B8CFA31DE6A7B03219
                                                                                                                                                                                                SHA-256:7FFA7423DDA07499394B345E5ECE2D54C8E19247E6E76C0E23B5BF1470AB0D7F
                                                                                                                                                                                                SHA-512:8DBC8675CE2DACE8D629C3FA66CF65704346AB829AE0B0A1D7B25BE22783B7E73624BA70F6D67264D6CA1656D7590E3753A8DF2227DA45112C5BD4A5654089AF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15936
                                                                                                                                                                                                Entropy (8bit):6.475020301731584
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:GpsE5cnm6ObmSHhV8j0eeq4SziahnYPLr79OOu:Gpszn6iS/8jxeqfhC78Ou
                                                                                                                                                                                                MD5:4F11D43AA2215CE771DA528878F01C8E
                                                                                                                                                                                                SHA1:8062681D73489FF200CA0BA426FF1FF3F44494A7
                                                                                                                                                                                                SHA-256:0D554CD4B373D6D9B9C179A468D179388706C0BDE4D878ED75EF575651588B3C
                                                                                                                                                                                                SHA-512:34CB271C32FB479CFAEEC536A5D35A41730E90001D67DC9DB595DB240A1F58C3BF12334BB5CDE7673C8E56A4C272BFBD66E4EACDEE0082F6FD583E4E039EC540
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):158784
                                                                                                                                                                                                Entropy (8bit):6.816453355323999
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:gLkNbBRaz4rQWiG6wMz9/S3en9pHUw06TBfkqI44:rNbB4Mcnv7z6en9pj06TB6
                                                                                                                                                                                                MD5:73A76EC257BD5574D9DB43DF2A3BB27F
                                                                                                                                                                                                SHA1:2C9248EAE2F9F5F610F6A1DFD799B0598DA00368
                                                                                                                                                                                                SHA-256:8F19B1BA9295F87E701C46CB888222BB7E79C6EE74B09237D3313E174AE0154F
                                                                                                                                                                                                SHA-512:59ECD5FCF35745BDADCDB94456CB51BB7EA305647C164FE73D42E87F226528D1A53CE732F5EC64CE5B4581FA8A17CFBFDC8173E103AE862D6E92EB3AD3638518
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):207424
                                                                                                                                                                                                Entropy (8bit):6.630800216665857
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:ckZ5ktGCru8e6Y3RhNw0mjs+OBS7n7ACKRAHbW:ciIbS6Y37Nw0/QC
                                                                                                                                                                                                MD5:475DD87198F9C48EFB08AAB4ADE8AF5A
                                                                                                                                                                                                SHA1:9B657E0837639663D4D721F8C5E25401F11E7BEB
                                                                                                                                                                                                SHA-256:32764005FCCE7D0E51801528F6B68C860979E08D027A5220DFEC19B2A8013354
                                                                                                                                                                                                SHA-512:0B492B0FBADC14178A6F79A58E47C30D92B59B18414E38A7B119699D0788ACF3713F925CF0EC570BE3E29AB26BDB6B567C38526BC0603BA78ECC3E2952EA3E2B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):82496
                                                                                                                                                                                                Entropy (8bit):6.597347722250847
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:ez2dfBusTTkMffX+xR5kdt94u+508AqDfJOqsbCkq24maADX:kE5u+kkX+P+dt9O08JJOZXX4nADX
                                                                                                                                                                                                MD5:5F85F7F2DFAC397D642834B61809240F
                                                                                                                                                                                                SHA1:ECA28E8464208FA11EF7DF677B741CDD561483D9
                                                                                                                                                                                                SHA-256:B71E00ADB77D87882D58993A5888955BDD62C57D364F60AAA0FA19D32A69C9DA
                                                                                                                                                                                                SHA-512:2BFE9FCE450E57EA93DEEAA85A746CB17BA946EEFF866F10D67C74F7EA038B16910E0D8EF29E9F358AF7DAABD45E3983C370FEF82A9647546819DCDE3AEE45BC
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):19008
                                                                                                                                                                                                Entropy (8bit):6.372096409611824
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:PTjlu57T5J5eFeYW7TPVlN3B+ASZQ4NNR7F3qnYPLr7om0:PnUd5eFeDfd5Sj7oC7om0
                                                                                                                                                                                                MD5:4023E25F92B5F13E792901BF112A8EA2
                                                                                                                                                                                                SHA1:31ADCD411905832B89EA55DEC8B9C83AF3C7D3EA
                                                                                                                                                                                                SHA-256:432AEDAC59FA161FED5A5D95CA5F8CFD1D73A35ABE8A7090D137100F727B687B
                                                                                                                                                                                                SHA-512:AD0E6F8071EB09E843989E637BACA988DD7706D84FC26DB7C2E18BBE03A78A6C5BFE4F1B28289B5929B2B86C53FB6C3DAE42523DC8EDE8057A8F431AEA77BB20
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):186944
                                                                                                                                                                                                Entropy (8bit):6.612459610032652
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:XsSFQQB7SGWV2xrkvql6QPJD7mGVqjLypDTaDE5zwmFxy7HglbZrdIG:XJ97PxYAPJ/RV0tDCzw+xy0ldOG
                                                                                                                                                                                                MD5:E9373908186D0DA1F9EAD4D1FDAD474B
                                                                                                                                                                                                SHA1:C835A6B2E833A0743B1E8F6F947CFE5625FE791F
                                                                                                                                                                                                SHA-256:E2FBD6C6334D4765FF8DFF5C5FE3DF8B50015D0BF9124142748FADB987B492FF
                                                                                                                                                                                                SHA-512:BFDC236D462DAC45FD63C112E40558ED4E11E76FB4D713926A679FD573F67FA16451231A03178926B76BD267F092A33A3B6760CF4812DE2679BB9505B83F8261
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):145984
                                                                                                                                                                                                Entropy (8bit):6.69725055196282
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:S2yRKm4/j/dKLnjHy7OMD+MqS1RYio7+oD33GnUV0fem2M:S2ytqlYnjHehDzqiq+oD33OUV8Vx
                                                                                                                                                                                                MD5:4294D39CC9E5F23754D41B9DDE710112
                                                                                                                                                                                                SHA1:1BAA1E136F18108AB4E31EC005DEC54FC3F23A7C
                                                                                                                                                                                                SHA-256:DE3EEDED01B35DC7C29B0B758211BB1DB73CCFFB9298D281DAF56924ED9E93CB
                                                                                                                                                                                                SHA-512:E88DFF129DD35445B32A2DBCAB97CF752E9ACDF82FF88B184FA6D3B461D55BD2D195794802C5BA5E7EFFA086DC89E0C2CEF0C8B0BFA29AC70B75CFB1B4B0584C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):16448
                                                                                                                                                                                                Entropy (8bit):6.482296988184946
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:n11I27Bf0jeZy+hiqEyRoPV527rBnYPLr7/U:nrJfYqodYJC78
                                                                                                                                                                                                MD5:4BDF31D370F8A893A22820A3B291CC1D
                                                                                                                                                                                                SHA1:BD27656B42F881EEE1940CFE15CF84C1938B57BA
                                                                                                                                                                                                SHA-256:C98DFAC99CC1E05D5F86B2577031A7624DCC13D0A8344B2855F166335177BC16
                                                                                                                                                                                                SHA-512:51623274C13DA71AD01DBAD7950444B512F08C3DC04E27F0321DF02E9F3C4DFB308DEF35F58524CCCCE79ED2A8859D85C16DC0D9BEA378E5538E23602D35AA76
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):30784
                                                                                                                                                                                                Entropy (8bit):6.609051738644882
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:mk87qhVj8sqgP7CRLMOPfkGo7UdJs0flkg2uG8RPGHTR5ny5pnYPLr7z:mk87qhVjaMOPJdJFflLJR+V03C7z
                                                                                                                                                                                                MD5:7BD914407C6D236B27865A8C63147B7F
                                                                                                                                                                                                SHA1:9B49E48705341D30E3F92B85652E924C7985E415
                                                                                                                                                                                                SHA-256:549849DC910261D817670B192715430395993E811D0FD3103651237D7F18929D
                                                                                                                                                                                                SHA-512:624DC95F696BEA311726EAFB0017F363C8703B95A2E08DE984C642867888CF5B9172326C2E2567ED4A2EA28F806B633840552C80BE49EB6CF2A8FC4A0C259117
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):27712
                                                                                                                                                                                                Entropy (8bit):6.6264206752006825
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:hgWe1DWI+mB7JkJKe3xVF2XNbuHEqe8yIGn3zY9pcQ/oGmEsg0sqkgiHmNs2Qd6X:qWbEK1Ms2dYJG
                                                                                                                                                                                                MD5:6280201C1918EA3293919BB282D2B563
                                                                                                                                                                                                SHA1:3F6F5299A435E2A0C36BE8AAD4CB2FCAACD0897D
                                                                                                                                                                                                SHA-256:0711127A297E4CC1927D77013FC040CAA26930C34A4C7B4D7631BCE9C8041B74
                                                                                                                                                                                                SHA-512:A4C4507ED4FDEC038FAFA62970161E7B75FF9A2ABBDF854ED55483144DCDC0FC9D21235FDDDF1B38303723F9C615AE388397C4D17B5391D8827A5B40AC52C5FC
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):178240
                                                                                                                                                                                                Entropy (8bit):6.793245389378621
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:gWosiKTxga2KtpdhEnGF5PNyR0BxDxxKF5HkEWnuYsauj9Fom1QB:3RRKAtpdhEn/0BzwFpvYm0z
                                                                                                                                                                                                MD5:BF299F73480AF97A750492E043D1FADD
                                                                                                                                                                                                SHA1:C93C4A2DAE812F31603E42D70711D3B6822F9E8E
                                                                                                                                                                                                SHA-256:0334E3B7AE677116B92516172D0CA905723DAF847D8B3B0DC3FC118EDC703D51
                                                                                                                                                                                                SHA-512:7265783F0DD653DBC4693D5EFEB156281620C5421F29910F14C22B75A936233E9E897087E64B641335795484837F28F113EE9F380027698A898F19115FD0F648
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15936
                                                                                                                                                                                                Entropy (8bit):6.474237923131844
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:Gps45cnQ6DmSHhV8r0eeU4Szi6nYPLr70aG:Gpsnn4S/8rxeUvC7RG
                                                                                                                                                                                                MD5:9A4CF09834F086568DF469E3F670BF07
                                                                                                                                                                                                SHA1:594C4E0394475A6299C79E3A063C7D5AE49635F3
                                                                                                                                                                                                SHA-256:709E9E544434C52285A72F29AD6B99CE1E7668545F10AD385C87ABF34D2052BB
                                                                                                                                                                                                SHA-512:CD551E7944461F3288B880B9D161F19F97EB4599A3A46CC93C4172B5112960FB0C040B9996F13CF0761FB85A283E2F20944135EC59660C807A59B29CDDC44586
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15936
                                                                                                                                                                                                Entropy (8bit):6.477340414037824
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:Gps45cnk6LlmSHhV8i+ceek4SzS+nYPLr7wd:Gpsnn5AS/8jZek7C7wd
                                                                                                                                                                                                MD5:4DE6BFE6EA98BC42A5358ED8307107B2
                                                                                                                                                                                                SHA1:8F687E60784FD9046A361DC1DC85D43051CBD577
                                                                                                                                                                                                SHA-256:7C07D167AA4A23AB64A205301663C87E578FF6B31985DF8B51AF80CA6999176F
                                                                                                                                                                                                SHA-512:8091AADEACAD1DAC5191EBB996D1E4BE25A19C10A4E76F79AB7EA2A592711FD39AAD7E89D7DEE09385296AA7A649AABFA7C325C4A627AFE1C009C906709EDB5A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15936
                                                                                                                                                                                                Entropy (8bit):6.477747126356611
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:GpsJ5cn66FmSHhV8Teeek4SzSgnYPLr7mpB:GpsUngS/8TDekdC7yB
                                                                                                                                                                                                MD5:CA17B8CBD623477C5D1D334B79890225
                                                                                                                                                                                                SHA1:2BFC372A28EDE40093286CDA45003951A2CE424F
                                                                                                                                                                                                SHA-256:A7AC47AC8518E2D53575E12521B3A766A5E2EE4133C6C6AB9AE1C3C6777F5E77
                                                                                                                                                                                                SHA-512:D9DDF3E67B9A4E0197D271243623D4DF8A26A35EC2F5195AB316E910E133BA09C70F6D28E7CA69184E4ABABCF063C014D7A6E6EA48F82382B316864A945175C5
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15936
                                                                                                                                                                                                Entropy (8bit):6.476844183458217
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:Gpsw5cnL6U0mSHhV89+ee84SzSFnYPLr7KTdK:Gps/nHpS/89je80C7KQ
                                                                                                                                                                                                MD5:B4AD335E868693F009B7644E2ED555C1
                                                                                                                                                                                                SHA1:ECCB9711CF78BCD5BD78231A838B1852764B301C
                                                                                                                                                                                                SHA-256:CCA46A54A1A9CE78F7FFC49D195C4AB970AD540B5FCB2B6D9BF57EEDF38EC28D
                                                                                                                                                                                                SHA-512:04A4670345B47C5B256220A85FFC68A1DD6DFE8D44838A4C634EB0EBC469EFC307B0BCF838AA1244634A315F365518B1633586B872C6D459EE80374D14234CA4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):185920
                                                                                                                                                                                                Entropy (8bit):6.517453559791758
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:pmxoFzYbnERrNyf0VCyqp2pswAG8wJfV1cnrQKUCc9rBTq/bKQcUMZ:koFJcQCyuZG8wdKcLgbDcU6
                                                                                                                                                                                                MD5:D4246AF96E1FFA5E63C55E6F0A63ED82
                                                                                                                                                                                                SHA1:30F319CEBD7BCCCFC3637231D07F45BD5A79B03E
                                                                                                                                                                                                SHA-256:84576AAC88D08E864645415D8A81F4B8F04C881B7624973C952BA6BCB94F4C8C
                                                                                                                                                                                                SHA-512:92EDFE62BE5BDDC47EC51B01F8FE71C69691423ABECBB358A972766ACCDC8F9365C064FD0A7833C8853EDD5DED51791A7662584DB5F54BE3586AC2787160FA6A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):33344
                                                                                                                                                                                                Entropy (8bit):6.5580840927675945
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:5TuVpsEkV3/azbYJHf2ZdCwhxKdv0tCFC7dRb:5YQV3/az8x2HCSScC4dRb
                                                                                                                                                                                                MD5:EFF31A13A4A5D3E9A5BD36E7349D028B
                                                                                                                                                                                                SHA1:8E47BE8C1CE4DFD73B7041679E96EA4A17DDB4C0
                                                                                                                                                                                                SHA-256:307B816892FDD9BAD9E28953E1BBB4BCE35C8F8CA783C369D7EB52A22BCC4229
                                                                                                                                                                                                SHA-512:72148C757624868D3866C40B31149CCA171737D82ADBCDF2C8FB03A9D8F3C1CEA2B2FC5137DD11DAAD2328D3AF8FAE43568DCCD843664BC43323F9357B67B6A0
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):574528
                                                                                                                                                                                                Entropy (8bit):6.508068830472597
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:NtKMEr1LBBgPcvhwhtRtL+tKJZetu4zxLukaMevlOjPMat4+8NMutQaLqqiINw3X:NtKMEr1VBgPcvhwhtRtL+tkZezxLuQeS
                                                                                                                                                                                                MD5:5E1B7D0ACCB4275DEAB6312AA246CB3E
                                                                                                                                                                                                SHA1:488A5CB9D9C0CF27824DF32B9B76D4F67F6FB485
                                                                                                                                                                                                SHA-256:9FC49B3F6FD11A2B2B92748C24F21721D1011B1920D092E38AF4021102125543
                                                                                                                                                                                                SHA-512:5A875DD4731E862F753EBB987593DC61D39DD3D3D13CDED284DE27DD09AFA946FA96824AC194EC0DD45AA2CE0D56637A5522F49F28F3C89B7F5248D389B1B62E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):455328
                                                                                                                                                                                                Entropy (8bit):6.698367093574994
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:uZ/8wcqw2oe+Z3VrfwfNOOoWhUgiW6QR7t5ss3Ooc8DHkC2e77/:W/8wVwHZFTwFOOos3Ooc8DHkC2e77/
                                                                                                                                                                                                MD5:FD5CABBE52272BD76007B68186EBAF00
                                                                                                                                                                                                SHA1:EFD1E306C1092C17F6944CC6BF9A1BFAD4D14613
                                                                                                                                                                                                SHA-256:87C42CA155473E4E71857D03497C8CBC28FA8FF7F2C8D72E8A1F39B71078F608
                                                                                                                                                                                                SHA-512:1563C8257D85274267089CD4AEAC0884A2A300FF17F84BDB64D567300543AA9CD57101D8408D0077B01A600DDF2E804F7890902C2590AF103D2C53FF03D9E4A5
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):773968
                                                                                                                                                                                                Entropy (8bit):6.901569696995594
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:yMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BV0eAI:dmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV4I
                                                                                                                                                                                                MD5:BF38660A9125935658CFA3E53FDC7D65
                                                                                                                                                                                                SHA1:0B51FB415EC89848F339F8989D323BEA722BFD70
                                                                                                                                                                                                SHA-256:60C06E0FA4449314DA3A0A87C1A9D9577DF99226F943637E06F61188E5862EFA
                                                                                                                                                                                                SHA-512:25F521FFE25A950D0F1A4DE63B04CB62E2A3B0E72E7405799586913208BF8F8FA52AA34E96A9CC6EE47AFCD41870F3AA0CD8289C53461D1B6E792D19B750C9A1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):970912
                                                                                                                                                                                                Entropy (8bit):6.9649735952029515
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:LBmFyjLAOQaYkxGXPfY7eiWWcpOKnpTVOIxhK765qlRRb6x4pI23IbJQV:dmFyjLF847eiWWcoGZVOIxh/WxIAIbGV
                                                                                                                                                                                                MD5:034CCADC1C073E4216E9466B720F9849
                                                                                                                                                                                                SHA1:F19E9D8317161EDC7D3E963CC0FC46BD5E4A55A1
                                                                                                                                                                                                SHA-256:86E39B5995AF0E042FCDAA85FE2AEFD7C9DDC7AD65E6327BD5E7058BC3AB615F
                                                                                                                                                                                                SHA-512:5F11EF92D936669EE834A5CEF5C7D0E7703BF05D03DC4F09B9DCFE048D7D5ADFAAB6A9C7F42E8080A5E9AAD44A35F39F3940D5CCA20623D9CAFE373C635570F7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):79936
                                                                                                                                                                                                Entropy (8bit):6.675027571633986
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:ygRdVzzmTj2iu+wk5eQjBE55W+hYRwZZ3GFjJJ5n5WF:yIfmHsM5j6VqJJ55WF
                                                                                                                                                                                                MD5:691B937A898271EE2CFFAB20518B310B
                                                                                                                                                                                                SHA1:ABEDFCD32C3022326BC593AB392DEA433FCF667C
                                                                                                                                                                                                SHA-256:2F5F1199D277850A009458EDB5202688C26DD993F68FE86CA1B946DC74A36D61
                                                                                                                                                                                                SHA-512:1C09F4E35A75B336170F64B5C7254A51461DC1997B5862B62208063C6CF84A7CB2D66A67E947CBBF27E1CF34CCD68BA4E91C71C236104070EF3BEB85570213EC
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):51264
                                                                                                                                                                                                Entropy (8bit):6.565433654691718
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:a+BEJER/xSW/EoB8VBQZbKYawLysHFhIAqQbQMD8YpwQ+Qi4v8qUYVC7R:a+BEJERvQGbKnwusjIAq08YDi4UqUYoR
                                                                                                                                                                                                MD5:95EDB3CB2E2333C146A4DD489CE67CBD
                                                                                                                                                                                                SHA1:79013586A6E65E2E1F80E5CAF9E2AA15B7363F9A
                                                                                                                                                                                                SHA-256:96CF590BDDFD90086476E012D9F48A9A696EFC054852EF626B43D6D62E72AF31
                                                                                                                                                                                                SHA-512:AB671F1BCE915D748EE49518CC2A666A2715B329CAB4AB8F6B9A975C99C146BB095F7A4284CD2AAF4A5B4FCF4F939F54853AF3B3ACC4205F89ED2BA8A33BB553
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17472
                                                                                                                                                                                                Entropy (8bit):6.403594687791098
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:A3PK394shTLHzW8KMw3X+PVR6y/FNdoEUtnYe+PjPriT0fwoBpp6Z:BThTrzPPQOPV5NNdoEwnYPLr7xc
                                                                                                                                                                                                MD5:94CAADA66F6316A9415A025C68388A18
                                                                                                                                                                                                SHA1:57544E446B2B0CFBA0732F1F46522354F94B7908
                                                                                                                                                                                                SHA-256:D1C4FB91296D643AEE6AB9CD66CC70ACBE2667AD572D969A06FFEAA2A8859FAF
                                                                                                                                                                                                SHA-512:AC29E7C722A266DCB633953EF2A7E33DF02059AC7876FF94828464B5B74B5BC321C5D2D2851F3CBBFE1328D18F3CD9A49E5EFFE7E4E8AC2BEB3A0E4AAA53AD87
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):16448
                                                                                                                                                                                                Entropy (8bit):6.380289288441742
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:GpsCgvnvId6YmSHhV85AeencGtnYPLr7Vz:GpsDngGS/851ebC7Vz
                                                                                                                                                                                                MD5:7DA6AA3CC4763C6F9C20B43E6C9A9547
                                                                                                                                                                                                SHA1:3F28CF8E6AAD199DCC621F2A2C8AD50126813B05
                                                                                                                                                                                                SHA-256:F7375AD07F0BE6FD75E822A9ECFF5ACA073DB03B95894C05C7657BEC7AF59AF4
                                                                                                                                                                                                SHA-512:7948EAA11B4026F9975B6CC4225A4C0B617341299364196F3825EEF4484A6EEB529319BF4F6D19436689083C36BF1F6B9880574764612FC900C8CC1D73EED1BB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15936
                                                                                                                                                                                                Entropy (8bit):6.4779230305378315
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:Gpsk5Bn46zmSHhV8yYAeeU4Sz5uwnYPLr73ki:GpsungS/8yY1eUuwC79
                                                                                                                                                                                                MD5:E9AA62B1696145A08D223E7190785E25
                                                                                                                                                                                                SHA1:A9A0CB22A28A3843CF6CCBC9578B1438F0A7B500
                                                                                                                                                                                                SHA-256:EA9DF3432EF31B6864112AF1CEC94E6BE33B92A9030369B9F99225113BCA6EF8
                                                                                                                                                                                                SHA-512:516FA102922980DF592DD08A840DA9073B6568F5E52847968C59995F2BD067AC6D2668D0272AE017D0C71AF627766A8676AE1EB1BC520B76F1F9C5CEEB4BA840
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):773968
                                                                                                                                                                                                Entropy (8bit):6.901569696995594
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:yMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BV0eAI:dmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV4I
                                                                                                                                                                                                MD5:BF38660A9125935658CFA3E53FDC7D65
                                                                                                                                                                                                SHA1:0B51FB415EC89848F339F8989D323BEA722BFD70
                                                                                                                                                                                                SHA-256:60C06E0FA4449314DA3A0A87C1A9D9577DF99226F943637E06F61188E5862EFA
                                                                                                                                                                                                SHA-512:25F521FFE25A950D0F1A4DE63B04CB62E2A3B0E72E7405799586913208BF8F8FA52AA34E96A9CC6EE47AFCD41870F3AA0CD8289C53461D1B6E792D19B750C9A1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):172096
                                                                                                                                                                                                Entropy (8bit):6.3747906238754855
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:1WkHL+UE3r2l5p2WqjgFWcWpPa6QoCzOb/UcODMM4cBqg8UyJNd5uGZzfYtRD+Em:YdNq5YkFuPYzOb/UcODMM4cBqg8UyJNR
                                                                                                                                                                                                MD5:FB658E2F5E185FE5762B169A388BA0BD
                                                                                                                                                                                                SHA1:386235AB2F7AD35E82CD9AC97E9B56E1E308BC90
                                                                                                                                                                                                SHA-256:A91E68C76A90A02D9EDF75E5141C248B3AA5DD612E37883D27065D78A782AF20
                                                                                                                                                                                                SHA-512:B0EAB6F2572552298CD221AF9E71CA7C02375D92E14F7EBD783F5DC9247964F72E658DBFC4273BD3C36DF57199171263F1A4969F133823965448C552BB514EEC
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15936
                                                                                                                                                                                                Entropy (8bit):6.477211573452372
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:Gps25Bnb61mSHhV8nOeet4SzvBQnYPLr7D8/:Gpson1S/8nTetJSC7+
                                                                                                                                                                                                MD5:ED3F3D8E4C382BF8095B9DE217511E29
                                                                                                                                                                                                SHA1:CAE91B9228C99DCC88BAC3293822AC158430778C
                                                                                                                                                                                                SHA-256:800F41B877AA792A8469C4DBB99838E7A833B586EC41BD81DA81EAA571F7FAC1
                                                                                                                                                                                                SHA-512:023855267C6CC6BD5230E7A922310328E8DC0521C041C038C579035C9B1E70EAC168695B56357793505375E0B134FAD040BB284C6B02B3190EE7F6FCAEC33FE9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):52800
                                                                                                                                                                                                Entropy (8bit):6.433054716020523
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:Rk2X5KQaT9nNrmTTY99ccAlGGzGRulFJWpiDO:RkgUhpmA99ccOGGzGRuPJWpgO
                                                                                                                                                                                                MD5:6D05EAD2F6B95C4AFFCFB1B27DC0C188
                                                                                                                                                                                                SHA1:0D04A67505D006493F252985AC294B534D271EF2
                                                                                                                                                                                                SHA-256:6330591A151E565B5EAB2D174DF8E2F6523A8F403E4E8D8C8DC58D0945881F19
                                                                                                                                                                                                SHA-512:DBE98FA16162636039853E9A82CADBE4E6D5A4E6E282A3FBBC122229C314C91E7C445FEB83921EBFE024DC09BC6AA76682F903036A2D2BEA363F1D09DD571B10
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):116288
                                                                                                                                                                                                Entropy (8bit):5.7845827860105885
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:UbqmeUF67oaebwU3ta+uHMg9glgFvcfgfgzgG4g9XTXDXp+RuXGXlXdY9vXTXvXQ:8qmeUF67ZeUUVjcIA
                                                                                                                                                                                                MD5:5AADADF700C7771F208DDA7CE60DE120
                                                                                                                                                                                                SHA1:E9CF7E7D1790DC63A58106C416944FD6717363A5
                                                                                                                                                                                                SHA-256:89DAC9792C884B70055566564AA12A8626C3AA127A89303730E66ABA3C045F79
                                                                                                                                                                                                SHA-512:624431A908C2A835F980391A869623EE1FA1F5A1A41F3EE08040E6395B8C11734F76FE401C4B9415F2055E46F60A7F9F2AC0A674604E5743AB8301DBADF279F2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):86592
                                                                                                                                                                                                Entropy (8bit):6.686302444148156
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:/QsPinZd9lmzFRQnJ9sSpkWgVenAe7C3xWxNO3A4:lPE9lEmtpkj7eqWxNCA4
                                                                                                                                                                                                MD5:5E6DDF7CF25FD493B8A1A769EF4C78F7
                                                                                                                                                                                                SHA1:42748051176B776467A31885BB2889C33B780F2D
                                                                                                                                                                                                SHA-256:B9BEACA57BFF23C953917C0B2037351EF3334E6A9DE447DCA6542FE5C815BF9F
                                                                                                                                                                                                SHA-512:C47F742F064B99E5B9C2BDEAC97472D9D8C9466C9071E9799AF79F820199D9B30B198C33EF635F07A972B77475AFEA9E7417AA6335D22A7380E7B0E552869C18
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14912
                                                                                                                                                                                                Entropy (8bit):6.381906222478272
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:kNncquU+hyD13XLPVlD6o+N9F5os7USnYe+PjPriT0fwXF27:kNcWp7PVl67/nYPLr7s27
                                                                                                                                                                                                MD5:3C9DC0ED8ADD14A0E5B845C1ACC2FF2E
                                                                                                                                                                                                SHA1:25C395ADE02199BEDCEE95C65E088B758CD84435
                                                                                                                                                                                                SHA-256:367C552FBA3DA5F22791CF8F22B983871639ECD2EF7F5B1880021FE4C4F65EE4
                                                                                                                                                                                                SHA-512:4DD5F68180D03B6621E46732F04B47F996B96F91F67845538D1B303E598CCFDB5E4F785A76DE7DFCB8918125FDB06B9068C4EAB06984B5AA9224DCE90190BA1A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15936
                                                                                                                                                                                                Entropy (8bit):6.466364086630595
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:Gpss5cnn6vmSHhV8TI1ee84SzK8nYPLr7HuY:Gps7nnS/8Tte8tC7HuY
                                                                                                                                                                                                MD5:12B6E1C3205A8B17AC20E00A889DFC43
                                                                                                                                                                                                SHA1:42458CFA7135858ACEF10803B87A208FA7E66413
                                                                                                                                                                                                SHA-256:EAEA20A794EC6BB15808EF278376A87CF91F9BE15FE6A7DE92014AC4BF75555D
                                                                                                                                                                                                SHA-512:174703820636DED2BA081420A8D1E37D67FDA6C13AC406C2F08E16DCF0C7B7D9642E37BC888802B50ED3438D6029C4FECCD7C151B82CF9A91F13F36C4A0B2019
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15936
                                                                                                                                                                                                Entropy (8bit):6.475930674615241
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:GpsFG5BnK6xmSHhV8TCeeX4SzREnYPLr7Ggp:Gpsen0S/8TveXUC7jp
                                                                                                                                                                                                MD5:31C0CED43A07A2DFF3AFC557EBABBE0F
                                                                                                                                                                                                SHA1:9100A7393B919EB35C79CE16A559D783219E2F20
                                                                                                                                                                                                SHA-256:B93D0D62436D89C84C66ABBDCF817084A6BA01F7E10053C8F343DF5D53D37536
                                                                                                                                                                                                SHA-512:716818BBF6E4F21C2A627259F1D35E8375EFEF9C3B197B3AF6E10A4A1735CC643141C32270DF7F6FE25733517BE38CAA09205B98119996237E8EAE6A7D0825A7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15936
                                                                                                                                                                                                Entropy (8bit):6.475447140204412
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:Gps85BnF26emSHhV8QM1eet4SzvBonYPLr7I:GpsGnFjS/8QBetJWC7I
                                                                                                                                                                                                MD5:43C1D1D0E248604CB3B643C0BDF4EC9A
                                                                                                                                                                                                SHA1:7BEE9DEB1E43F0FECF0FC57BDFD3F79CF048151F
                                                                                                                                                                                                SHA-256:165BFF317674BE33F2920320F3EF0957539E5BF149B673C2073DF48FF93A6D94
                                                                                                                                                                                                SHA-512:CAA9B14DF20FFF92CFC4F9A8557804FBD4CC02831824CD53AEAC7D0EE7918BBD50E22A69AB5FFC9E92A468A5201DF263707D373D60378817DC5FEFDE1ABC48BF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):177216
                                                                                                                                                                                                Entropy (8bit):6.909590121652277
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:L9Wyo+Jyru3w8WqWnJjOUrI7vh+Dug9PVWU+kmaVE9TBfQiJ8:BWyPsi34i+DugFj+kmaVE9TB4/
                                                                                                                                                                                                MD5:8DC2356E3FF3A595AEDE81594A2D259A
                                                                                                                                                                                                SHA1:A05E05E9EA8FB0C8928112CA931EB4F5E977B92A
                                                                                                                                                                                                SHA-256:B9DE5D3ABBC0AC956E7F590E4C8507FF570B6C353374BB80F413B5846CE322FE
                                                                                                                                                                                                SHA-512:D5C83EBDB7192DD361856B236A07AFD4FF95E68E0036396D68A3407ED680D4A36EC857AB101DBA5F583AA67CC45A2835178DAC84A68472C7F619EFA674FE51F0
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):473152
                                                                                                                                                                                                Entropy (8bit):5.475991416072106
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:ngmgmb+p19k+j4QJKFDSha+IJ6NyLu/wtAWvrMZp5WMuBzj:n17bsj4QJlha+XNyLu/iAWvhBzj
                                                                                                                                                                                                MD5:79CFE207E05F771E29847573593F6DE1
                                                                                                                                                                                                SHA1:34DFA813802C6F5A57A557BF72B2B306F8042E90
                                                                                                                                                                                                SHA-256:AEB27727F428116069944BB92B477D7487C9DEB3921E1005814536459E35222F
                                                                                                                                                                                                SHA-512:2C71A827BB156BD012BE20B30D701D5123D8B6C7889D4F4A47A483D3477C25BF224E7F205CA9FCCB08DA0A2EF28AF6433D018A0E555BCE911C31A5F462F41578
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):52800
                                                                                                                                                                                                Entropy (8bit):6.367562931371078
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:0UD9dxWf4b4UoY6sUsaJ2sQ7O+phclByW3T9KMDbgz2dN6lDb/9/YMw0c3D6QsTY:0IofovBbS9KMvHR0cz6QsTPOXm2BT9j7
                                                                                                                                                                                                MD5:F434A8AC7F1C8C0E2587B9A9F30E397B
                                                                                                                                                                                                SHA1:BD62E10E44117A60EB4180412112593D9460299D
                                                                                                                                                                                                SHA-256:6A994B389B8F7109238DE6F230B1B540186ED2EC8D081C7601C6996863AA4DC8
                                                                                                                                                                                                SHA-512:9896DAC36BD4F7289C7701B75AD8EB9F7ACD233384075A3FBA6E6F2F38E420F37C1A29317EEEA3C4DDBA1791F6F17187DD5BDFDD9F98F095E7D4DF20C0D5EA3E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):123968
                                                                                                                                                                                                Entropy (8bit):6.699694377005066
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:jWi/SLhxEJKv0O4+zwtKg3HquHB2u0YUdRXGCDilgKptxG0ULtt1vtxgl0IlgqA2:+vdtg6ZYUniPe5vtxgl0IlgqA2
                                                                                                                                                                                                MD5:0BAB62A0CF67481EA2A7F3CAFD7C5144
                                                                                                                                                                                                SHA1:D6B010C815F4D9C675DF918B615FE0AAE45249EA
                                                                                                                                                                                                SHA-256:FC57682FDBCA50FAEBFC6B4F5D199FC407A541C110C15F0C850503006D32301A
                                                                                                                                                                                                SHA-512:0128813DE247246BF4AECE1B222B6611E5AE1EDE01A1B339CFE0F98184739D7A066DAE4F1A271F544BB39F9B79F053F4B96F2E471B9444C29855CF52FB7835CB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):25664
                                                                                                                                                                                                Entropy (8bit):6.488681310308951
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:GxZ2v7Oc56lspQEgde9M3z27lFOJIjkzIPV5yKlWFKbKwnYPLr7Wo5L:Xr5PQEOe9MD4lFhjk8ddeKWwC7dL
                                                                                                                                                                                                MD5:039AD8A7A4B14C321F156878838A2340
                                                                                                                                                                                                SHA1:6AD9D2FBA988193D16E7B3278C0D0757AB99B3EF
                                                                                                                                                                                                SHA-256:ED3AD7EBA989FB31C2ABC3220694D1446D33659782CB1B333318EC54A577389D
                                                                                                                                                                                                SHA-512:7D5B8C191A7D0C4FEDB831DE197A3CB5DC0564AD3F2E57EEE8C506B2308B656D2F0FE086D508FAB8F03CA0E1B0574E708728373DFA3116C9B9FC5DFDB72FEE46
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):195136
                                                                                                                                                                                                Entropy (8bit):6.80727029211823
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:fmtIwyq6lFq857zCYLFYEVothL10xYOXjV5qECVTHLy71vJ2qIcWYEfQQxIYh5t+:mIwyqM7qYLVVIqhfqfTm1W+Tws
                                                                                                                                                                                                MD5:E1904A4B2D6F657B9FEF053893FE3C41
                                                                                                                                                                                                SHA1:59AC965A1029AE936DDD5AE623A9A025D49737EC
                                                                                                                                                                                                SHA-256:5929E3510F67FEAE073B8995BFC542FD7A0626F57D2FBC829EFC95206DF8F85F
                                                                                                                                                                                                SHA-512:C0A60928299EA2E6DC8AD1E3DE9CEF77C8E520585F8D73BD7F56E33705D1A2AEC04AE9C01A8069AE5A0D71F28AEF42F4A260CF4D5BB44A95DCEB70E5C8DB8FEA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):16448
                                                                                                                                                                                                Entropy (8bit):6.392776971200692
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:GpssZwnvNmc6DDmSHhV8Ogee1cGPnYPLr7fl:GpssqnFm16S/8OVeLC7fl
                                                                                                                                                                                                MD5:7624A9B769CDCF3A75FE5A9FEAADD61F
                                                                                                                                                                                                SHA1:9269968968CD63D6E1ECC14F78B9A630FCC26FBE
                                                                                                                                                                                                SHA-256:41F9A804C888A58DECDE2B63A544DBFF536B40D87CECED197E1A14050858C0DA
                                                                                                                                                                                                SHA-512:1AF7BB30E1FC7600AD0A209DB4E077DAB9CEAA5C4332F8B1353ED0DB7EA71B4A9B7D126E756B634D3FB22618E39AFC5ED52263C88E9F7646EAABB0D9240E382B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):65600
                                                                                                                                                                                                Entropy (8bit):6.461111208462538
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:lVeogiQWo3IzLIoDY9p6K/sdDAZ5e1x3afX:veDib4oDu4K/sdDAZ5CxEX
                                                                                                                                                                                                MD5:806580640A68234A711D3BB0642130A7
                                                                                                                                                                                                SHA1:1EDF20DAAC15FE90E9891E95130D0DD70D005B62
                                                                                                                                                                                                SHA-256:CCCC2A9F54E4F5961DD45DAA1F6C97ECFB156EA8E0DF82277A2C109EA4D2E036
                                                                                                                                                                                                SHA-512:0AAC087449DEECBB1CFAEE5C3144500CDC4C1D209D1F1F7D8EB41DD7870504BF71D0CC9AE7761BFC609F42273B7FB3CA7801AA54FB0E92BC71C41CC5CAECD31C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):159296
                                                                                                                                                                                                Entropy (8bit):6.019927381236816
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:9vFy5zbJEQFFB9AYeb11tzTQrTBfYEaf9zQ6NlUlh5:7iFry3b11twTBgEaf9zQ6Nc
                                                                                                                                                                                                MD5:C15F0FE651B05F4288CBC3672F6DC3CE
                                                                                                                                                                                                SHA1:FFCE84FE532B41F31CDDC41C84024FAFE6BC30E6
                                                                                                                                                                                                SHA-256:869DC4D40444F10325057B0CC3BB7EA48942DD712DF8A1AE331A554FF0397F1A
                                                                                                                                                                                                SHA-512:E9E27C4C68972E3250B380C1A5D5EB02BEC03028D389234A44A7D56974BFA233D177173F929BDB6FF877AE17A529D85D384684B0037E260A0143F7A95A0204C6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):39488
                                                                                                                                                                                                Entropy (8bit):6.751057397220933
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:Okt1MVMrA9/Klzwz9UyCgMUt9onPs3h3nVt83OndMY7dmMpAnC70N:Oo1oMQ/CrPa3VWO+gdmMW6q
                                                                                                                                                                                                MD5:DE2167A880207BBF7464BCD1F8BC8657
                                                                                                                                                                                                SHA1:0FF7A5EA29C0364A1162A090DFFC13D29BC3D3C7
                                                                                                                                                                                                SHA-256:FD856EA783AD60215CE2F920FCB6BB4E416562D3C037C06D047F1EC103CD10B3
                                                                                                                                                                                                SHA-512:BB83377C5CFF6117CEC6FBADF6D40989CE1EE3F37E4CEBA17562A59EA903D8962091146E2AA5CC44CFDDDF280DA7928001EEA98ABF0C0942D69819B2433F1322
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):21568
                                                                                                                                                                                                Entropy (8bit):6.4868701533420925
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:uVI9/tEAHVvfiqiW9LEiGTHb6hVXbS7fLsD5bGGNET7T7T7T7JyFoynPV5hgGLVt:uVI9/yA9f1iW9LEiGTHb6hVXbS7QbGG9
                                                                                                                                                                                                MD5:7C2959F705B5493A9701FFD9119C5EFD
                                                                                                                                                                                                SHA1:5A52D57D1B96449C2B40A82F48DE2419ACA944C3
                                                                                                                                                                                                SHA-256:596F89E7E5D9AC2B1F97FA36A20A7405C1CC41A9FCBA96DB089ADA4550131B24
                                                                                                                                                                                                SHA-512:B7B48BD14701F75B9018BEDEE5A4CFCEBDAC342F83339FB3F1EFB7855598474C9D1CC993B5D4ADD3326140435087D2BD7CBBC18BC76C64EAD6234A9A7D57C552
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):163904
                                                                                                                                                                                                Entropy (8bit):6.508553433039132
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:onzJtwzsrYx6cY+90AiVrM5muIqltkt7maRoM/X1fJqO0NJT:onttwzsrYxTaVVY5muIq3mx/X1fcb
                                                                                                                                                                                                MD5:A63387A1BFDF760575B04B7BFD57FF89
                                                                                                                                                                                                SHA1:9384247599523D97F40B973A00EE536848B1D76F
                                                                                                                                                                                                SHA-256:5DF5B7E6EFCC345DDC8448AFC707B666F5F696F554B00ACA64D8E23EDBC176BF
                                                                                                                                                                                                SHA-512:CB3A6A394424345FFA076E0BE58F284A0E4DB6FBFCE02D93FB4871D350A7FA1E673175AE988C26453DB1C983C0D06A01DD413DE47031BB4BF308CAAF3513C36F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):69696
                                                                                                                                                                                                Entropy (8bit):6.89860109289213
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:ZCghp1EJqcGdjandlraksIOwIOpVnToIft4tpgO6:/142jUhimp9TBft4tqO6
                                                                                                                                                                                                MD5:CB99B83BBC19CD0E1C2EC6031D0A80BC
                                                                                                                                                                                                SHA1:927E1E24FD19F9CA8B5191EF3CC746B74AB68BCD
                                                                                                                                                                                                SHA-256:68148243E3A03A3A1AAF4637F054993CB174C04F6BD77894FE84D74AF5833BEC
                                                                                                                                                                                                SHA-512:29C4978FA56F15025355CE26A52BDF8197B8D8073A441425DF3DFC93C7D80D36755CC05B6485DD2E1F168DF2941315F883960B81368E742C4EA8E69DD82FA2BA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):155
                                                                                                                                                                                                Entropy (8bit):4.618267268558291
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:nSkoZgZLXnuWxVEsTwVAAiuKIn7IRAdSPGGzJ0vwQAnfMaAHCRyvy:nBcAPWEwVAkIiSPhwwpkaAHCIa
                                                                                                                                                                                                MD5:9E5E954BC0E625A69A0A430E80DCF724
                                                                                                                                                                                                SHA1:C29C1F37A2148B50A343DB1A4AA9EB0512F80749
                                                                                                                                                                                                SHA-256:A46372B05CE9F40F5D5A775C90D7AA60687CD91AAA7374C499F0221229BF344E
                                                                                                                                                                                                SHA-512:18A8277A872FB9E070A1980EEE3DDD096ED0BBA755DB9B57409983C1D5A860E9CBD3B67E66FF47852FE12324B84D4984E2F13859F65FABE2FF175725898F1B67
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..# Load the Java Access Bridge class into the JVM..#..#assistive_technologies=com.sun.java.accessibility.AccessBridge..#screen_magnifier_present=true....
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1438
                                                                                                                                                                                                Entropy (8bit):5.214662998532387
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:QVDpdQYHLOVhl86bePCkHUMCLC9TFcgg+DR+Oby:MQ4LOVh2WGfUMCLC9Zcgg2Ru
                                                                                                                                                                                                MD5:92BA2D87915E6F7F58D43344DF07E1A6
                                                                                                                                                                                                SHA1:872BC54E53377AAC7C7616196BCCE1DB6A3F0477
                                                                                                                                                                                                SHA-256:68F0CF30429A42A6FE78B1DE91970E5C78FD03D1599BEB080C1C196D5C59E4C0
                                                                                                                                                                                                SHA-512:A964E2CEB4D601FAF28ECF13FB11777B70708C21CF9EA23721E462B6E911051108B8A42EBF6447FA49CB61D7FA2D79475F50EE791F1121616371E2B02FAB71B6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....#..# Japanese imperial calendar..#..# Meiji since 1868-01-01 00:00:00 local time (Gregorian)..# Taisho since 1912-07-30 00:00:00 local time (Gregorian)..# Showa since 1926-12-25 00:00:00 local time (Gregorian)..# Heisei since 1989-01-08 00:00:00 local time (Gregorian)..calendar.japanese.type: LocalGregorianCalendar..calendar.japanese.eras: \...name=Meiji,abbr=M,since=-3218832000000; \...name=Taisho,abbr=T,since=-1812153600000; \...name=Showa,abbr=S,since=-1357603200000; \...name=Heisei,abbr=H,since=600220800000....#..# Taiwanese calendar..# Minguo since 1911-01-01 00:00:00 local time (Gregorian)..calendar.taiwanese.type: LocalGregorianCalendar..calendar.taiwanese.eras: \...name=MinGuo,since=-1830384000000....#..# Thai Buddhist calendar..# Buddhist Era since -5
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3091908
                                                                                                                                                                                                Entropy (8bit):6.633254981822853
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:49152:puZi4j4TQkgaSOHEhjy2twRYEc1sJzlbguMuD:puZiW4smxGocuJlbgq
                                                                                                                                                                                                MD5:0B3923ABB0D48FDAE7A2306717967B39
                                                                                                                                                                                                SHA1:0882294FFEC2769023AA36FF9CC53562F8E26020
                                                                                                                                                                                                SHA-256:E88AEC2A49F07CAC9471D9E4C113FA189600B57245685814D043C20EA8A8B471
                                                                                                                                                                                                SHA-512:CF622081B290140CE8419B30FB25442F7204C9A37E1490030A4D656F66C509946F48C50CC7794DA51007EFB202805605FE3C2AC3534D63FBF928EA35CE16A040
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):84355
                                                                                                                                                                                                Entropy (8bit):4.927199323446014
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:4X/nxfn5rxLyMznYolTzlff5OK3COHoHNG5rb/cxNwmCX1g86K2oWdAqNqc+KMjD:qxn5rxLyMzbf5OK3CJNG51g86A
                                                                                                                                                                                                MD5:7FC71A62D85CCF12996680A4080AA44E
                                                                                                                                                                                                SHA1:199DCCAA94E9129A3649A09F8667B552803E1D0E
                                                                                                                                                                                                SHA-256:01FE24232D0DBEFE339F88C44A3FD3D99FF0E17AE03926CCF90B835332F5F89C
                                                                                                                                                                                                SHA-512:B0B9B486223CF79CCF9346AAF5C1CA0F9588247A00C826AA9F3D366B7E2EF905AF4D179787DCB02B32870500FD63899538CF6FAFCDD9B573799B255F658CEB1D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:java/lang/Object..java/lang/String..java/io/Serializable..java/lang/Comparable..java/lang/CharSequence..java/lang/Class..java/lang/reflect/GenericDeclaration..java/lang/reflect/AnnotatedElement..java/lang/reflect/Type..java/lang/Cloneable..java/lang/ClassLoader..java/lang/System..java/lang/Throwable..java/lang/Error..java/lang/ThreadDeath..java/lang/Exception..java/lang/RuntimeException..java/lang/SecurityManager..java/security/ProtectionDomain..java/security/AccessControlContext..java/security/SecureClassLoader..java/lang/ClassNotFoundException..java/lang/ReflectiveOperationException..java/lang/NoClassDefFoundError..java/lang/LinkageError..java/lang/ClassCastException..java/lang/ArrayStoreException..java/lang/VirtualMachineError..java/lang/OutOfMemoryError..java/lang/StackOverflowError..java/lang/IllegalMonitorStateException..java/lang/ref/Reference..java/lang/ref/SoftReference..java/lang/ref/WeakReference..java/lang/ref/FinalReference..java/lang/ref/PhantomReference..sun/misc/Cleaner
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Sun KCMS color profile 2.0, type KCMS, XYZ/XYZ-spac device, 51236 bytes, 2-12-1997 18:50:04, dependently, PCS X=0xf6b3 Z=0xd2f8 "XYZ to XYZ Identity Profile"
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):51236
                                                                                                                                                                                                Entropy (8bit):7.226972359973779
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:2Qnt0y7xFNksbeCqY39JJ8GmaNo68GmaNo68GmaNoW:JOy7xXjtqYNfHxNo6HxNo6HxNoW
                                                                                                                                                                                                MD5:10F23396E21454E6BDFB0DB2D124DB85
                                                                                                                                                                                                SHA1:B7779924C70554647B87C2A86159CA7781E929F8
                                                                                                                                                                                                SHA-256:207D748A76C10E5FA10EC7D0494E31AB72F2BACAB591371F2E9653961321FE9C
                                                                                                                                                                                                SHA-512:F5C5F9FC3C4A940D684297493902FD46F6AA5248D2B74914CA5A688F0BAD682831F6060E2264326D2ECB1F3544831EB1FA029499D1500EA4BFE3B97567FE8444
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Sun KCMS color profile 2.0, type KCMS, GRAY/XYZ-mntr device, KODA/GRAY model, 632 bytes, 27-7-95 17:30:15, embedded, relative colorimetric, PCS Z=0xd32b "KODAK Grayscale Conversion - Gamma 1.0"
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):632
                                                                                                                                                                                                Entropy (8bit):3.7843698642539243
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:51AP3fJgXQ531yqQac/lkgz42WlHlYujlOl9Fhl:vA2XQCqpUlkgzulHiXl3hl
                                                                                                                                                                                                MD5:1002F18FC4916F83E0FC7E33DCC1FA09
                                                                                                                                                                                                SHA1:27F93961D66B8230D0CDB8B166BC8B4153D5BC2D
                                                                                                                                                                                                SHA-256:081CAAC386D968ADD4C2D722776E259380DCF78A306E14CC790B040AB876D424
                                                                                                                                                                                                SHA-512:334D932D395B46DFC619576B391F2ADC2617E345AFF032B592C25E333E853735DA8B286EF7542EB19059CDE8215CDCEA147A3419ED56BDD6006CA9918D0618E1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:color profile 2.0, type KCMS, RGB/XYZ-mntr device by KODK, 1044 bytes, 2-2-1998, PCS Z=0xd32c "linear sRGB"
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1044
                                                                                                                                                                                                Entropy (8bit):6.510788634170065
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6:zwuau/7De0/q98EAsBIMD/WvaKIV4R0/lCAEdD0WlV9AEdwKKt/n3knR3lfR/NHD:zw7ePB/rEAsBIkVuUlAYKu/nUnKw
                                                                                                                                                                                                MD5:A387B65159C9887265BABDEF9CA8DAE5
                                                                                                                                                                                                SHA1:7913274C2F73BAFCF888F09FF60990B100214EDE
                                                                                                                                                                                                SHA-256:712036AA1951427D42E3E190E714F420CA8C2DD97EF01FCD0675EE54B920DB46
                                                                                                                                                                                                SHA-512:359D9B57215855F6794E47026C06036B93710998205D0817C6E602B2A24DAEB92537C388F129407461FC60180198F02A236AEB349A17430ED7AC85A1E5F71350
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Sun KCMS color profile 2.0, type KCMS, 3CLR/Lab-spac device, 274474 bytes, 6-11-1996 7:50:04, PCS X=0xf6b3 Z=0xd2f8 "Std Photo YCC Print"
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):274474
                                                                                                                                                                                                Entropy (8bit):7.843290819622709
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:nJleRNRyAnAqNaADEJHeeeeevoAuaiqwV6sg0pUjRVgYgI:nJleRNRpN0j3qhjRC9I
                                                                                                                                                                                                MD5:24B9DEE2469F9CC8EC39D5BDB3901500
                                                                                                                                                                                                SHA1:4F7EED05B8F0EEA7BCDC8F8F7AAEB1925CE7B144
                                                                                                                                                                                                SHA-256:48122294B5C08C69B7FE1DB28904969DCB6EDC9AA5076E3F8768BF48B76204D0
                                                                                                                                                                                                SHA-512:D23CE2623DE400216D249602486F21F66398B75196E80E447143D058A07438919A78AE0ED2DDF8E80D20BD70A635D51C9FB300E9F08A4751E00CD21883B88693
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Microsoft color profile 2.1, type Lino, RGB/XYZ-mntr device, IEC/sRGB model by HP, 3144 bytes, 9-2-1998 6:49:00 "sRGB IEC61966-2.1"
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3144
                                                                                                                                                                                                Entropy (8bit):7.026867070945169
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:+FflsXlf/lulel4wlwx+6MjnNsvIYWiR5QkyTJbZPHXZ9u6gbVwyKzJgWjU:aN26MT0D5MdtbZPAVwzV0
                                                                                                                                                                                                MD5:1D3FDA2EDB4A89AB60A23C5F7C7D81DD
                                                                                                                                                                                                SHA1:9EAEA0911D89D63E39E95F2E2116EAEC7E0BB91E
                                                                                                                                                                                                SHA-256:2B3AA1645779A9E634744FAF9B01E9102B0C9B88FD6DECED7934DF86B949AF7E
                                                                                                                                                                                                SHA-512:16AAE81ACF757036634B40FB8B638D3EBA89A0906C7F95BD915BC3579E3BE38C7549EE4CD3F344EF0A17834FF041F875B9370230042D20B377C562952C47509B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5824
                                                                                                                                                                                                Entropy (8bit):5.074440246603207
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:6M5VfH+uEMmPDkZeujdJfZUB8BB/+PhPXsOQ71GAXf5lZuU1EbWF7Ycx/AQ12a8T:6M6p4ZeWd1ZUB8BBGPhPXsOQ71GAXBly
                                                                                                                                                                                                MD5:95AE170D90764B3F5E68C72E8C518DDC
                                                                                                                                                                                                SHA1:1939B699D16A5DB3E3F905466222099D7C29285A
                                                                                                                                                                                                SHA-256:A2B31E9CBCEAB296A5E1CF056EFD953CED23B888CD929B0BBE6EB6B53D2BF861
                                                                                                                                                                                                SHA-512:87E970BEAC8141C757D622FC8B6D84FE173EA4B134AFD8E2F979714C1110C3D92F3CE5F2B9DC74804DD37D13AB2A0EDF0FCA242F61CF8ED065AE81B7331F8816
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#sun.net.www MIME content-types table..#..# Property fields:..#..# <description> ::= 'description' '=' <descriptive string>..# <extensions> ::= 'file_extensions' '=' <comma-delimited list, include '.'>..# <image> ::= 'icon' '=' <filename of icon image>..# <action> ::= 'browser' | 'application' | 'save' | 'unknown'..# <application> ::= 'application' '=' <command line template>..#....#..# The "we don't know anything about this data" type(s)...# Used internally to mark unrecognized types...#..content/unknown: description=Unknown Content..unknown/unknown: description=Unknown Data Type....#..# The template we should use for temporary files when launching an application..# to view a document of given type...#..temp.file.template: c:\\temp\\%s....#..# The "real" types...#..application/octet-stream: \...description=Generic Binary Stream;\...file_extensions=.saveme,.dump,.hqx,.arc,.obj,.lib,.bin,.exe,.zip,.gz....application/oda: \...description=ODA Document;\...file_extens
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4122
                                                                                                                                                                                                Entropy (8bit):3.2585384283455134
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:BlWxFFGFSupi94blATFxjGph5vLC6/w37ZXQTbVm/eVzOBJ:BlWJEi94blAT+ph5vLkApmGqr
                                                                                                                                                                                                MD5:F6258230B51220609A60AA6BA70D68F3
                                                                                                                                                                                                SHA1:B5B95DD1DDCD3A433DB14976E3B7F92664043536
                                                                                                                                                                                                SHA-256:22458853DA2415F7775652A7F57BB6665F83A9AE9FB8BD3CF05E29AAC24C8441
                                                                                                                                                                                                SHA-512:B2DFCFDEBF9596F2BB05F021A24335F1EB2A094DCA02B2D7DD1B7C871D5EECDA7D50DA7943B9F85EDB5E92D9BE6B6ADFD24673CE816DF3960E4D68C7F894563F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2282861
                                                                                                                                                                                                Entropy (8bit):7.951223313727943
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:49152:ABSxAmHHJwEu4l3Dyz7oQHeNHJJ2aAvfZc:ABEtHHaEuI3Dy3oQH2pFAvW
                                                                                                                                                                                                MD5:2388C4C8D5F95E0379A8997C7C2492F4
                                                                                                                                                                                                SHA1:906BF87EB1D8881ABADBF93A3C4BBA7887CA2A01
                                                                                                                                                                                                SHA-256:A1FD508EACF76645EB0885B243B5DD14239F1E039E8B53ED038226DF91A30539
                                                                                                                                                                                                SHA-512:2CCE11A5F97DF842964B55408FCF1EC84C0CD561E664ABA3A51275EAFE59D7C920FCFD954C527DA4D53ACB191200CC64BF8150A33BCB9B038F36ADB2CC69B1A1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:PK...........H................META-INF/....PK...........H...7Z...e.......META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.C.q,HL.HU...%...y...R.KRSt.*...L....u....4....sR......K..5y.x..PK...........H................com/PK...........H................com/oracle/PK...........H................com/oracle/deploy/PK...........H................com/oracle/deploy/update/PK...........H................com/sun/PK...........H................com/sun/applet2/PK...........H................com/sun/applet2/preloader/PK...........H............ ...com/sun/applet2/preloader/event/PK...........H................com/sun/deploy/PK...........H................com/sun/deploy/appcontext/PK...........H................com/sun/deploy/association/PK...........H............#...com/sun/deploy/association/utility/PK...........H................com/sun/deploy/cache/PK...........H................com/sun/deploy/config/PK...........H................com/sun/deploy/jardiff/PK...........H................com/sun/deploy/model/PK.....
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14156
                                                                                                                                                                                                Entropy (8bit):5.649187440261259
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:E84SHTDIbZI+R9ufdITe3MPu20DguN9P5YOinvYrJJ0JKP/U8HtK8NJO8lJi8VJb:kld6uQZ9P5dTC7IjZUkPmpaemFqKs8n
                                                                                                                                                                                                MD5:91052ADB799AEF68EA76931997C40CE4
                                                                                                                                                                                                SHA1:19255B8E335C22A171C26148099191708C99EE7A
                                                                                                                                                                                                SHA-256:61D1382375238F90E2E4EE2AF985D978F1409E01B38080E710DF4ACB2897E63B
                                                                                                                                                                                                SHA-512:39BAA49A1CEF533E5D3FFF1A86BC72CB346A6BF1928A9D8B505EBA09A4AB1506400234DE78BDFD925821F0A690B8887BD004A18CC64337DEB666CC2509DEE5DA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:PK........$..H............'...{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/UT....GjW.GjWux.............PK........#..H................{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/UT....GjW.GjWux.............PK........#..H............6...{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/content/UT....GjW.GjWux.............PK........#..H............>...{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/content/ffjcext/UT....GjW.GjWux.............PK........#..H...V........H...{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/content/ffjcext/ffjcext.jsUT....GjW.GjWux.............const gJavaConsole1_8_0_101 = {...id.: "javaconsole1.8.0_101",...mimeType: "application/x-java-applet;jpi-version=1.8.0_101",...install.: function() {...window.addEventListener("load",this.init,false);..},...init.: function() { ...if (navigator.mimeTypes[gJavaConsole1_8_0_101.mimeType]) {....var toolsPopup = document.getElementById("menu_ToolsPopup");.....toolsPopup.addEventListener("popupshowing",gJavaConsole1_8_0_101.enable,false)
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2917
                                                                                                                                                                                                Entropy (8bit):4.838706790124659
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:KaDMJ9TmsHDmDDCDP2un8YzgKe1E13Tstub22tTeF/Qi/WRtAXikTzgaENZzT3JI:KaD+9TmAe29vBotubbt2Oz+ENlbJI
                                                                                                                                                                                                MD5:2EB9117D147BAA0578E4000DA9B29E12
                                                                                                                                                                                                SHA1:3D297ECF3D280D4AA3D1423E885994495243F326
                                                                                                                                                                                                SHA-256:B8D9C69FF7F4832A9B365D4A43CF66DFF9847051752B13EEDF024CAA9C1EF46B
                                                                                                                                                                                                SHA-512:C3F7730767941B3C8F6F53D4686E9F898D1907D978F6D1FA35BA02C3FCD8306335406A5F9ABAA844F27F7AFD9E548810BECB9EC3E6B84888EA5EAC57B6ED6FDB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=internal error, unknown message..error.badinst.nojre=Bad installation. No JRE found in configuration file..error.launch.execv=Error encountered while invoking Java Web Start (execv)..error.launch.sysexec=Error encountered while invoking Java Web Start (SysExec) ..error.listener.failed=Splash: sysCreateListenerSocket failed..error.accept.failed=Splash: accept failed..error.recv.failed=Splash: recv failed..error.invalid.port=Splash: didn't revive a valid port..error.read=Read past end of buffer..error.xmlparsing=XML Parsing error: wrong kind of token found..error.splash.exit=Java Web Start splash screen process exiting .....\n..# "Last WinSock Error" means the error message for the last operation that failed...error.winsock=\tLast WinSock Error: ..error.winsock.load=Couldn't load winsock.dll..error.winsock.start
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with very long lines (1345), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3338
                                                                                                                                                                                                Entropy (8bit):4.919780187496773
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:WvaqyL1nlrDtzh5+VN9JrnjXyv6jq/YgKe1h/KZkCUdr5pAvA1t2CPTOsdIamy:txrj5Snk6+wuir25pAvAv2ITOsd9
                                                                                                                                                                                                MD5:FF9CFEE1ACFCD927253A6E35673F1BB7
                                                                                                                                                                                                SHA1:957E6609A1AF6D06A45A6F7B278BE7625807B909
                                                                                                                                                                                                SHA-256:E130FBD5FA378A380F46F42981F2C97BC152059C27120204AB4DA47079D31513
                                                                                                                                                                                                SHA-512:F42601092436D7AF30CCD81126185232D9D643B195D3D4619AEC451E3E2A60E33E6378E770DD1A4CDF7AB20CB749371665A992CA73D2842A7102F3FB34B6B9EB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=interner Fehler, unbekannte Meldung..error.badinst.nojre=Ung\u00FCltige Installation. Keine JRE in Konfigurationsdatei gefunden..error.launch.execv=Fehler beim Aufrufen von Java Web Start (execv) aufgetreten..error.launch.sysexec=Fehler beim Aufrufen von Java Web Start (SysExec) aufgetreten..error.listener.failed=Startbildschirm: sysCreateListenerSocket nicht erfolgreich..error.accept.failed=Startbildschirm: accept nicht erfolgreich..error.recv.failed=Startbildschirm: recv nicht erfolgreich..error.invalid.port=Startbildschirm: Reaktivierung eines g\u00FCltigen Ports nicht m\u00F6glich..error.read=\u00DCber Pufferende hinaus gelesen..error.xmlparsing=XML-Parsefehler: Falscher Tokentyp gefunden..error.splash.exit=Prozess f\u00FCr Startbildschirm von Java Web Start wird beendet.....\n..# "Last WinSock Error" mean
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with very long lines (1475), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3632
                                                                                                                                                                                                Entropy (8bit):4.776451902180833
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:KHelXJn5woLUosi30hrleaRSfvlBY0CQ1Z:KHelNTAxFtlE/71Z
                                                                                                                                                                                                MD5:72BDAE07C5D619E5849A97ACC6A1090F
                                                                                                                                                                                                SHA1:9FC8A7A29658AC23A30AB9D655117BB79D08DC3B
                                                                                                                                                                                                SHA-256:821A3452ECB9F29BCEC16C0B39FB668C2CC30C7F7283B34BFC5400040723892B
                                                                                                                                                                                                SHA-512:67F0D1D60012B5598864B68612AA488AF1B5876FF5F347CD98ABCF1E3C0D267CF0354D5085BF12B0A09C6EF124FD0117CD16FCC032DA2B195D45BAB19740BB78
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=Error interno, mensaje desconocido..error.badinst.nojre=Instalaci\u00F3n incorrecta. No se ha encontrado JRE en el archivo de configuraci\u00F3n..error.launch.execv=Se ha encontrado un error al llamar a Java Web Start (execv)..error.launch.sysexec=Se ha encontrado un error al llamar a Java Web Start (SysExec) ..error.listener.failed=Pantalla de Presentaci\u00F3n: fallo de sysCreateListenerSocket..error.accept.failed=Pantalla de Presentaci\u00F3n: fallo de accept..error.recv.failed=Pantalla de Presentaci\u00F3n: fallo de recv..error.invalid.port=Pantalla de Presentaci\u00F3n: no se ha activado un puerto v\u00E1lido..error.read=Lectura m\u00E1s all\u00E1 del final del buffer..error.xmlparsing=Error de an\u00E1lisis de XML: se ha encontrado un tipo de token no v\u00E1lido..error.splash.exit=Saliendo del proceso d
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with very long lines (1575), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3441
                                                                                                                                                                                                Entropy (8bit):4.832330268062187
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:KE2CXpRLJDNXQC6tNaEGBlu9hUv5//zEvDiwkISAyHgKe1p6KF/uoYuh1LNRtS0f:KERXlp6tN1VHq1Kt1S4x8Xi
                                                                                                                                                                                                MD5:FFE3CC16616314296C3262B0A0E093CD
                                                                                                                                                                                                SHA1:198DD1C6E6707C10AE74A1C42E8A91C429598F3B
                                                                                                                                                                                                SHA-256:3941736BEF6A8E53D002B6B67ECE4793C2F3F34BCC1ECB271684EB3F73FC4103
                                                                                                                                                                                                SHA-512:CD3A9329F405CA14E11CDBB74D467B31A31530CBF00537B16FB23AEBC6C07EB268E9624FDBC997AA0CF4852DAC288E1D011E2FC392D71E25DBDF52E359BA9D4E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=erreur interne, message inconnu..error.badinst.nojre=Installation incorrecte. JRE introuvable dans le fichier de configuration..error.launch.execv=Erreur lors de l'appel de Java Web Start (execv)..error.launch.sysexec=Erreur lors de l'appel de Java Web Start (SysExec) ..error.listener.failed=Accueil : \u00E9chec de sysCreateListenerSocket..error.accept.failed=Accueil : \u00E9chec d'accept..error.recv.failed=Accueil : \u00E9chec de recv..error.invalid.port=Accueil : impossible de r\u00E9activer un port valide..error.read=Lecture apr\u00E8s la fin de tampon..error.xmlparsing=Erreur d'analyse XML : type incorrect de jeton..error.splash.exit=Le processus d'affichage de l'\u00E9cran d'accueil de Java Web Start est en cours de fermeture...\n..# "Last WinSock Error" means the error message for the last operation that
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with very long lines (1392), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3255
                                                                                                                                                                                                Entropy (8bit):4.7050139579578145
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:KTi+qOaVUVVMsD/B0FN5+eADELDHxhdpHgKe1uo265eLaqMQ6URhmwgFs+ur60:KJBa2VtzeDLDRhd5A26+7RhZgR0
                                                                                                                                                                                                MD5:BF5E5310B2DCF8E8B3697B358AD4446D
                                                                                                                                                                                                SHA1:C746AC1F46F607FA8F971BEA2B6853746A4FB28D
                                                                                                                                                                                                SHA-256:CC9AD73957535011EE2376C23DE2C2597F877ACEBA9173E822EE79AAD3C4E9E6
                                                                                                                                                                                                SHA-512:B6C61D38B0ACC427B9B2F4C19DABD7EACBE8EEA6B973FD31B3555C4C5B3FFAF1CA036B730359346F57223B44CCE79E04A6D06BBC13C6F7DD26ED463776BB6DCC
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=errore interno, messaggio sconosciuto..error.badinst.nojre=Installazione errata. Impossibile trovare il JRE nel file di configurazione..error.launch.execv=Errore durante la chiamata di Java Web Start (execv)..error.launch.sysexec=Errore durante la chiamata di Java Web Start (SysExec) ..error.listener.failed=Apertura: sysCreateListenerSocket non riuscito..error.accept.failed=Apertura: accept non riuscito..error.recv.failed=Apertura: recv non riuscito..error.invalid.port=Apertura: impossibile identificare una porta valida..error.read=Tentativo di lettura dopo la fine del buffer..error.xmlparsing=Errore durante l'analisi XML: trovato un tipo di token errato..error.splash.exit=Uscita dal processo di schermata iniziale di Java Web Start in corso...\n..# "Last WinSock Error" means the error message for the last oper
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with very long lines (2924), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6381
                                                                                                                                                                                                Entropy (8bit):4.5983590678211135
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:Mu7cepcgD8do+O2D+k8/RJFGQcHGqo72hzEflA44CAmIbIC3j5pN/o8woJe:PctgYqhTYzG2O
                                                                                                                                                                                                MD5:D830FC76BDD1975010ECE4C5369DADF8
                                                                                                                                                                                                SHA1:D8CC3F54325142EFA740026E2BC623AFE6F3ACB5
                                                                                                                                                                                                SHA-256:11E886336BA51A9044AB1A87C60CEEE34C29BB724E06A16968D31531A7001064
                                                                                                                                                                                                SHA-512:7B867A50A811FBD7FFDAD0B729CA4501E16386EE5C4940A4CF9A805767CC0D10F7E3BDFD6A60204D79292D778D93E3BD915368AC0E9453BBB1010ADFD9655F0F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\u5185\u90E8\u30A8\u30E9\u30FC\u3001\u4E0D\u660E\u306A\u30E1\u30C3\u30BB\u30FC\u30B8..error.badinst.nojre=\u30A4\u30F3\u30B9\u30C8\u30FC\u30EB\u304C\u6B63\u3057\u304F\u3042\u308A\u307E\u305B\u3093\u3002\u69CB\u6210\u30D5\u30A1\u30A4\u30EB\u5185\u306BJRE\u304C\u3042\u308A\u307E\u305B\u3093..error.launch.execv=Java Web Start\u306E\u547C\u51FA\u3057\u4E2D\u306B\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F(execv)..error.launch.sysexec=Java Web Start\u306E\u547C\u51FA\u3057\u4E2D\u306B\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F(SysExec) ..error.listener.failed=\u30B9\u30D7\u30E9\u30C3\u30B7\u30E5: sysCreateListenerSocket\u306B\u5931\u6557\u3057\u307E\u3057\u305F..error.accept.failed=\u30B9\u30D7\u30E9\u30C3\u30B7\u30E5: accept\u306B\u5931\u6557\u3057\u307E\u3057\u305F..error.recv.fai
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with very long lines (2601), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5744
                                                                                                                                                                                                Entropy (8bit):4.781504394194986
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:GhymCk3kjLqgz9RkfrsEW/p9M32i0HkZr+ywc8b8+/moD7yct070DL70Dm:Dm5kLfIErMbT/44in
                                                                                                                                                                                                MD5:64DE22212EE92F29BCA3ACED72737254
                                                                                                                                                                                                SHA1:C4DBC247043578CCF9CD8DAB652D096703D5B26E
                                                                                                                                                                                                SHA-256:292696C94D5FD0BF2FF4AF9E4D363BFCBE888D2E65BD18A20CF71081FB1C9B0D
                                                                                                                                                                                                SHA-512:CA33C75B66D8B5316B1C3ED41A9A14DD8611A3BB9B26EFDC7F468250696D515CF1E966831975C9ABDC33E9A1C59167FE79BA547592D2A04997E1342433E7B628
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..# Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\uB0B4\uBD80 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4. \uC54C \uC218 \uC5C6\uB294 \uBA54\uC2DC\uC9C0\uC785\uB2C8\uB2E4...error.badinst.nojre=\uC124\uCE58\uAC00 \uC798\uBABB\uB418\uC5C8\uC2B5\uB2C8\uB2E4. \uAD6C\uC131 \uD30C\uC77C\uC5D0\uC11C JRE\uB97C \uCC3E\uC744 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4...error.launch.execv=Java Web Start(execv)\uB97C \uD638\uCD9C\uD558\uB294 \uC911 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4...error.launch.sysexec=Java Web Start(SysExec)\uB97C \uD638\uCD9C\uD558\uB294 \uC911 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4. ..error.listener.failed=\uC2A4\uD50C\uB798\uC2DC: sysCreateListenerSocket\uC744 \uC2E4\uD328\uD588\uC2B5\uB2C8\uB2E4...error.accept.failed=\uC2A4\uD50C\uB798\uC2DC: \uC2B9\uC778\uC744 \uC2E4\uD328\uD588\uC2B5\uB2C8\uB2E4...error.r
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with very long lines (1319), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3317
                                                                                                                                                                                                Entropy (8bit):4.869662880084367
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:3c6BeKTDcUsLYg9tStwmx+supWBxKy0HgKe1u6K0NCMc6MTNTjtA7NZdlw7ZHAW:3c6fbEf1mxPuUBxKy4va+mZdlw7Z7
                                                                                                                                                                                                MD5:4078691AB22C4F0664856BE0C024A52F
                                                                                                                                                                                                SHA1:6247FC05DE429F65DC4E1356C4715DC51F43B98F
                                                                                                                                                                                                SHA-256:6869B27B12B99C9D169B3E018284BE0F7631DBDF2DDD5F4EA5B1A458736FDFDF
                                                                                                                                                                                                SHA-512:BB02765F69E23C732C790EB994800C83BB8EFE7FF8CE0BCDC475EC5A29CEF5A33A5513AB1A7DC9F0F066B807A0980C41EC0037710873A32BD2952DBED79D24CA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..# Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=erro interno, mensagem desconhecida..error.badinst.nojre=Instala\u00E7\u00E3o incorreta. Nenhum JRE encontrado no arquivo de configura\u00E7\u00E3o..error.launch.execv=Erro encontrado ao chamar Java Web Start (execv)..error.launch.sysexec=Erro encontrado ao chamar Java Web Start (SysExec) ..error.listener.failed=Tela Inicial: falha em sysCreateListenerSocket..error.accept.failed=Tela Inicial: falha na fun\u00E7\u00E3o accept..error.recv.failed=Tela Inicial: falha na fun\u00E7\u00E3o recv..error.invalid.port=Tela Inicial: n\u00E3o reativou uma porta v\u00E1lida..error.read=Ler ap\u00F3s o final do buffer..error.xmlparsing=Erro durante o parsing de XML: tipo incorreto de token encontrado..error.splash.exit=Saindo do processamento da tela inicial do Java Web .....\n..# "Last WinSock Error" means the error message
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with very long lines (1386), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3441
                                                                                                                                                                                                Entropy (8bit):4.927824210480987
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:KYD1QNsQZ/lmo8ZuLgdBGpv3JRJ/7coh91XlK7Q/vm2QAfO:9D1+sCmapce1KGm2QIO
                                                                                                                                                                                                MD5:81BBDEA4DC9803A6EB78CE7D5CA018ED
                                                                                                                                                                                                SHA1:9AAF012276AD89CE7273CF5F0BE4C95B72D906AB
                                                                                                                                                                                                SHA-256:565B8FF1F31784378884D9D7468FFDFDDA5B001ACB5BB393A5006AC19BE4E67A
                                                                                                                                                                                                SHA-512:310017DD27C91C492188737494DA04CAB241D0BF4E91326AFB4A3F98CBFF78A6C0BBC14EC7E883597E9D506FAA80BA4E9A25B5F46BFD2543850323061E829A84
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=internt fel, ok\u00E4nt meddelande..error.badinst.nojre=Felaktig installation. Ingen JRE har hittats i konfigurationsfilen..error.launch.execv=Ett fel intr\u00E4ffade under starten av Java Web Start (execv)..error.launch.sysexec=Ett fel intr\u00E4ffade under starten av Java Web Start (SysExec) ..error.listener.failed=V\u00E4lkomstsk\u00E4rm: sysCreateListenerSocket utf\u00F6rdes inte..error.accept.failed=V\u00E4lkomstsk\u00E4rm: kunde inte accepteras..error.recv.failed=V\u00E4lkomstsk\u00E4rm: kunde inte mottaga..error.invalid.port=V\u00E4lkomstsk\u00E4rm: \u00E5terskapade inte en giltig port..error.read=L\u00E4ste f\u00F6rbi slutet av bufferten..error.xmlparsing=XML-tolkningsfel: fel typ av igenk\u00E4nningstecken hittades..error.splash.exit=Java Web Start - v\u00E4lkomstsk\u00E4rmen avslutas .....\n..# "Last
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with very long lines (1857), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4104
                                                                                                                                                                                                Entropy (8bit):5.04197285715923
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:Me7R8zl0Zf4z3X4Gv2hEpeStEKADydYL1WfK0eSm91j7:1R8pOfWHJvOJT1WPtK1j7
                                                                                                                                                                                                MD5:823D1F655440C3912DD1F965A23363FC
                                                                                                                                                                                                SHA1:50B941A38B9C5F565F893E1E0824F7619F51185C
                                                                                                                                                                                                SHA-256:86663DED105B77261C0556468A93BC8666A094B918299A61AF0A8E30F42019C7
                                                                                                                                                                                                SHA-512:1EBF989D2121CF05FFC912B9B228C4D4523763EB1A689EC74568D811C88DCF11032FFC8007BB24DAF7D079B580662B77D94B4B8D71A2E891EF27979FF32CD727
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\u5185\u90E8\u9519\u8BEF, \u672A\u77E5\u6D88\u606F..error.badinst.nojre=\u9519\u8BEF\u5B89\u88C5\u3002\u914D\u7F6E\u6587\u4EF6\u4E2D\u627E\u4E0D\u5230 JRE..error.launch.execv=\u8C03\u7528 Java Web Start (execv) \u65F6\u9047\u5230\u9519\u8BEF..error.launch.sysexec=\u8C03\u7528 Java Web Start (SysExec) \u65F6\u9047\u5230\u9519\u8BEF..error.listener.failed=\u542F\u52A8\u5C4F\u5E55: sysCreateListenerSocket \u5931\u8D25..error.accept.failed=\u542F\u52A8\u5C4F\u5E55: \u63A5\u53D7\u5931\u8D25..error.recv.failed=\u542F\u52A8\u5C4F\u5E55: recv \u5931\u8D25..error.invalid.port=\u542F\u52A8\u5C4F\u5E55: \u672A\u6062\u590D\u6709\u6548\u7AEF\u53E3..error.read=\u8BFB\u53D6\u8D85\u51FA\u7F13\u51B2\u533A\u7ED3\u5C3E..error.xmlparsing=XML \u89E3\u6790\u9519\u8BEF: \u53D1\u73B0\u9519\u8BEF\u7684\u6807\u8BB0\u7C7B\u578B..error.s
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with very long lines (1729), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3784
                                                                                                                                                                                                Entropy (8bit):5.17620120701776
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:wMWzQq8x9i7zO/JOFtUtQzy+gawZFomWdYQCfQ/ydQCyA:LWzQqms7S/JDtQcJoHWQaQ/6QCH
                                                                                                                                                                                                MD5:4287D97616F708E0A258BE0141504BEB
                                                                                                                                                                                                SHA1:5D2110CABBBC0F83A89AEC60A6B37F5F5AD3163E
                                                                                                                                                                                                SHA-256:479DC754BD7BFF2C9C35D2E308B138EEF2A1A94CF4F0FC6CCD529DF02C877DC7
                                                                                                                                                                                                SHA-512:F273F8D501C5D29422257733624B5193234635BD24B444874E38D8D823D728D935B176579D5D1203451C0CE377C57ED7EB3A9CE9ADCB3BB591024C3B7EE78DCD
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\u5167\u90E8\u932F\u8AA4\uFF0C\u4E0D\u660E\u7684\u8A0A\u606F..error.badinst.nojre=\u5B89\u88DD\u932F\u8AA4\u3002\u5728\u7D44\u614B\u6A94\u4E2D\u627E\u4E0D\u5230 JRE..error.launch.execv=\u547C\u53EB Java Web Start (execv) \u6642\u9047\u5230\u932F\u8AA4..error.launch.sysexec=\u547C\u53EB Java Web Start (SysExec) \u6642\u9047\u5230\u932F\u8AA4..error.listener.failed=Splash: sysCreateListenerSocket \u5931\u6557..error.accept.failed=Splash: \u63A5\u53D7\u5931\u6557..error.recv.failed=Splash: recv \u5931\u6557..error.invalid.port=Splash: \u6709\u6548\u7684\u9023\u63A5\u57E0\u5C1A\u672A\u56DE\u5FA9..error.read=\u8B80\u53D6\u8D85\u51FA\u7DE9\u885D\u5340\u7D50\u5C3E..error.xmlparsing=XML \u5256\u6790\u932F\u8AA4: \u627E\u5230\u932F\u8AA4\u7684\u8A18\u865F\u7A2E\u985E..error.splash.exit=Java Web Start \u9583\u73FE\u87A2
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with very long lines (1729), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3784
                                                                                                                                                                                                Entropy (8bit):5.17620120701776
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:wMWzQq8x9i7zO/JOFtUtQzy+gawZFomWdYQCfQ/ydQCyA:LWzQqms7S/JDtQcJoHWQaQ/6QCH
                                                                                                                                                                                                MD5:4287D97616F708E0A258BE0141504BEB
                                                                                                                                                                                                SHA1:5D2110CABBBC0F83A89AEC60A6B37F5F5AD3163E
                                                                                                                                                                                                SHA-256:479DC754BD7BFF2C9C35D2E308B138EEF2A1A94CF4F0FC6CCD529DF02C877DC7
                                                                                                                                                                                                SHA-512:F273F8D501C5D29422257733624B5193234635BD24B444874E38D8D823D728D935B176579D5D1203451C0CE377C57ED7EB3A9CE9ADCB3BB591024C3B7EE78DCD
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\u5167\u90E8\u932F\u8AA4\uFF0C\u4E0D\u660E\u7684\u8A0A\u606F..error.badinst.nojre=\u5B89\u88DD\u932F\u8AA4\u3002\u5728\u7D44\u614B\u6A94\u4E2D\u627E\u4E0D\u5230 JRE..error.launch.execv=\u547C\u53EB Java Web Start (execv) \u6642\u9047\u5230\u932F\u8AA4..error.launch.sysexec=\u547C\u53EB Java Web Start (SysExec) \u6642\u9047\u5230\u932F\u8AA4..error.listener.failed=Splash: sysCreateListenerSocket \u5931\u6557..error.accept.failed=Splash: \u63A5\u53D7\u5931\u6557..error.recv.failed=Splash: recv \u5931\u6557..error.invalid.port=Splash: \u6709\u6548\u7684\u9023\u63A5\u57E0\u5C1A\u672A\u56DE\u5FA9..error.read=\u8B80\u53D6\u8D85\u51FA\u7DE9\u885D\u5340\u7D50\u5C3E..error.xmlparsing=XML \u5256\u6790\u932F\u8AA4: \u627E\u5230\u932F\u8AA4\u7684\u8A18\u865F\u7A2E\u985E..error.splash.exit=Java Web Start \u9583\u73FE\u87A2
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:GIF image data, version 89a, 320 x 139
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8590
                                                                                                                                                                                                Entropy (8bit):7.910688771816331
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:91m4OqvVyG+LMIcBc2qPjHmxJCCG/h97dIYhOX:9/OqdivcqzjH3tfDE
                                                                                                                                                                                                MD5:249053609EAF5B17DDD42149FC24C469
                                                                                                                                                                                                SHA1:20E7AEC75F6D036D504277542E507EB7DC24AAE8
                                                                                                                                                                                                SHA-256:113B01304EBBF3CC729A5CA3452DDA2093BD8B3DDC2BA29E5E1C1605661F90BE
                                                                                                                                                                                                SHA-512:9C04A20E2FA70E4BCFAC729E366A0802F6F5167EA49475C2157C8E2741C4E4B8452D14C75F67906359C12F1514F9FB7E9AF8E736392AC8434F0A5811F7DDE0CB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:GIF image data, version 89a, 640 x 278
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15276
                                                                                                                                                                                                Entropy (8bit):7.949850025334252
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:onqkbSDLFgIBL0IgyZCE/oIuuemXclVO/HemZ8GbRdziHm6tIclW3ZYvvebtssZn:lKMLWkpgy8sdsnOmEyPLaYoauAdI
                                                                                                                                                                                                MD5:CB81FED291361D1DD745202659857B1B
                                                                                                                                                                                                SHA1:0AE4A5BDA2A6D628FAC51462390B503C99509FDC
                                                                                                                                                                                                SHA-256:9DD5CCD6BDFDAAD38F7D05A14661108E629FDD207FC7776268B566F7941E1435
                                                                                                                                                                                                SHA-512:4A383107AC2D642F4EB63EE7E7E85A8E2F63C67B41CA55EBAE56B52CECFE8A301AAF14E6536553CBC3651519DB5C10FC66588C84C9840D496F5AE980EF2ED2B9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:GIF image data, version 89a, 320 x 139
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7805
                                                                                                                                                                                                Entropy (8bit):7.877495465139721
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:S88k2wenvMs3iHrSI3yy73VWOcaJpGvrrXqJBcqgbf5bD0jmzDBoqCN2IWsyh:SFHhs73n73V4airrXq41Ll3vBmN2YU
                                                                                                                                                                                                MD5:9E8F541E6CEBA93C12D272840CC555F8
                                                                                                                                                                                                SHA1:8DEF364E07F40142822DF84B5BB4F50846CB5E4E
                                                                                                                                                                                                SHA-256:C5578AC349105DE51C1E9109D22C7843AAB525C951E312700C73D5FD427281B9
                                                                                                                                                                                                SHA-512:2AB06CAE68DEC9D92B66288466F24CC25505AF954FA038748D6F294D1CFFB72FCC7C07BA8928001D6C487D1BF71FE0AF1B1AA0F35120E5F6B1B2C209BA596CE2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:GIF image data, version 89a, 640 x 278
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):12250
                                                                                                                                                                                                Entropy (8bit):7.901446927123525
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:Zzv4QPei/ueMFJ2M4xSGb/xGEyddpTa7Kv9I1BDc3KR3q6xmwJePYueHjAPZKGMr:5vTWvmxSGbkpTaYe1dc3KR3q7wJsOHmu
                                                                                                                                                                                                MD5:3FE2013854A5BDAA488A6D7208D5DDD3
                                                                                                                                                                                                SHA1:D2BFF9BBF7920CA743B81A0EE23B0719B4D057CA
                                                                                                                                                                                                SHA-256:FC39D09D187739E580E47569556DE0D19AF28B53DF5372C7E0538FD26EDB7988
                                                                                                                                                                                                SHA-512:E3048E8E0C22F6B200E5275477309083AA0435C0F33D1994C10CE65A52F357EE7CF7081F85C00876F438DFA1EE59B542D602287EC02EA340BFDF90C0C6ABD548
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):187736
                                                                                                                                                                                                Entropy (8bit):7.79606817499301
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:9Mxm+j7ZPrDuryFpqOv2xHamAIGiDZDo81qnI/vs7O04OvwFgBgvH6:ONduOJv29amxGiDtonI87aGBgva
                                                                                                                                                                                                MD5:13794986CA59819F6AF7BD70022D7F8F
                                                                                                                                                                                                SHA1:6C5609CD023EB001DC82F1E989D535CD7AD407EE
                                                                                                                                                                                                SHA-256:AF555DD438214DCD68D55EBDDCC0A05BF47DEF0EFD9920E3955D11CC2623628E
                                                                                                                                                                                                SHA-512:2E3C4E76FD911EFF5F6983D6D7FBB0F998E5FB0BFE11921A83AC9F19BFB0C28B157354F1AC790094C354845025AB42F5A921FDDF2A780497431F3912D7D3E518
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):187727
                                                                                                                                                                                                Entropy (8bit):7.7958934328326075
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:aMxm+j7ZPrDuryFpqOv2xHamAIGiDZDo81qnI/vs7O04OvwFgBPlHl:nNduOJv29amxGiDtonI87aGBPlF
                                                                                                                                                                                                MD5:82C16750374D5CCA5FDAA9434BAF8143
                                                                                                                                                                                                SHA1:9B49F07BFB6F4AE73EB9B2FADCAE46E02E31F023
                                                                                                                                                                                                SHA-256:1F0966EBD65544669395E9F490A3D397DCF122D5261566734BB422C68CFE64B8
                                                                                                                                                                                                SHA-512:12A32FBE2A0A824EC33BD6D0A22066C0CB74D13EEBC16622FFE420CD48B4EB5878C981384DEBE30285D6231B3224E5CD2380C22D8C18624E52E5C74B62221661
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3860522
                                                                                                                                                                                                Entropy (8bit):7.9670916513081735
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:98304:PI1SwP9utPgTIb0bxSxwF1nNZVdEILeH9IIyYNO4Inwz:PI1HYgkoxSxI9fs4UVIwz
                                                                                                                                                                                                MD5:AE86774D28F1C8270A9BCBD12A9A1865
                                                                                                                                                                                                SHA1:7806C70550F435C2C87D2D15E427E5A9F97774E4
                                                                                                                                                                                                SHA-256:0402FBCB23D381DEDE4DF4228F2D100D8693C5B3BAB885AB5EB98BCC0A269786
                                                                                                                                                                                                SHA-512:2EA1E0372A087915FFFCCA2DEFC817C37BD038B02824BFEC1DA4E881A4C908A93AEB37DAA38840F75BCEAFD02EC09088FE648B0305DA0407E93407EAC770BE63
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8286
                                                                                                                                                                                                Entropy (8bit):7.790619326925194
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:tX5jIgU7WbMCc0XmHTEIWB7EH+mqcEb+wYtvEmkbKdG:tXZU7WbMoWTFWBAH+BCrEmkh
                                                                                                                                                                                                MD5:7FA7F97FA1CC0CC8ACC37B9DAE4464AE
                                                                                                                                                                                                SHA1:C143646A6DBE2EBDB1FBF69C09793E7F07DBC1F5
                                                                                                                                                                                                SHA-256:36820223C5B9A225DC3FF7C1C3930BDB112F1D9AAB2BEE954FF1A1C1828E2C54
                                                                                                                                                                                                SHA-512:AD9A0E358BE7A765B4A554E6BBE35BDD61A52BCAC9F21915D84C2A1929780150DFDCF0E43121D0E844082B1BB92873ED848ACF9B38FF3C7D826E5D0F5D32C26C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):44516
                                                                                                                                                                                                Entropy (8bit):7.905075370162141
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:2YVL1eqfgKbWnXuZ/QvfBPJr+A6tkZQnWn109KqM9jE4z:2KL1eWgfnXuEfJQAdQnWn10kqg3z
                                                                                                                                                                                                MD5:1A33FF1FDD789E655D5E2E99E9E719BD
                                                                                                                                                                                                SHA1:AE88E6000EBD7F547E3C047FC81AE1F65016B819
                                                                                                                                                                                                SHA-256:A23A9A653A261C640703B42839137F8C4BF7650665E62DBDD7D538171BD72516
                                                                                                                                                                                                SHA-512:0451393D805414D6633824F3D18B609F7495324FAB56DF4330E874A8995BD9E0DA567D77DB682D7FD1544CD7E6A3D10745C23DB575035E391B02D6EE4C4362FD
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):18192143
                                                                                                                                                                                                Entropy (8bit):5.977388717447885
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:49152:ZxJ9lXlkEhZWLyyQSgxv1/FGfnIWkRXe2p0F7tjRozGfVgMS55pU13JbL5xli3d6:ZhLk2bBSgnFGfnhAXLzAeylvi3dGT
                                                                                                                                                                                                MD5:042B3675517D6A637B95014523B1FD7D
                                                                                                                                                                                                SHA1:82161CAF5F0A4112686E4889A9E207C7BA62A880
                                                                                                                                                                                                SHA-256:A570F20F8410F9B1B7E093957BF0AE53CAE4731AFAEA624339AA2A897A635F22
                                                                                                                                                                                                SHA-512:7672D0B50A92E854D3BD3724D01084CC10A90678B768E9A627BAF761993E56A0C6C62C19155649FE9A8CEEABF845D86CBBB606554872AE789018A8B66E5A2B35
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:PK...........H................META-INF/....PK...........H..>.g...g.......META-INF/MANIFEST.MFManifest-Version: 1.0..Ant-Version: Apache Ant 1.8.2..Created-By: 1.8.0_40-b27 (Oracle Corporation)....PK..........H................com/PK..........H................com/sun/PK........j..H................com/sun/deploy/PK........j..H................com/sun/deploy/uitoolkit/PK........j..H................com/sun/deploy/uitoolkit/impl/PK...........H............!...com/sun/deploy/uitoolkit/impl/fx/PK...........H............$...com/sun/deploy/uitoolkit/impl/fx/ui/PK...........H................com/sun/deploy/uitoolkit/impl/fx/ui/resources/PK...........H............4...com/sun/deploy/uitoolkit/impl/fx/ui/resources/image/PK........}..H................com/sun/glass/PK...........H................com/sun/glass/events/PK...........H................com/sun/glass/ui/PK...........H................com/sun/glass/ui/delegate/PK...........H................com/sun/glass/ui/win/PK..........H................com/su
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1178848
                                                                                                                                                                                                Entropy (8bit):7.964832897711047
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:qLvFVMHxMyEg7+dYmx0nqEdgq2C942bjAHcOveMdDLtHHicwqJM5SznKMWKdk/H2:cF9rYmxQ5tOcOdFwqSYzn0DfYHs4jOBK
                                                                                                                                                                                                MD5:24857AD811CEDA70BD0F087FD28B5B6E
                                                                                                                                                                                                SHA1:707305EB10B1464D40BDEABADE77B80B984A621A
                                                                                                                                                                                                SHA-256:321D646AD29A5B180CA98BB49E81C2C732523B7E5145A3C568766CEC06B2B1CD
                                                                                                                                                                                                SHA-512:A10A340BDB2DE2D0D14ED804F04313D1D4CBD64EF0513A9E54B7FA95FFB05F2123C9095A4B2BFFA4DDF3ADEA9A67E978D26D115A8F5677AE1BD0EE67C416FA5A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1511
                                                                                                                                                                                                Entropy (8bit):5.142622776492157
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:EV677x6CFRf08P86xX+4jz98ht4QLlJVzDOFw5DOFFVzDOFvVzDOFz5qlV/FRARV:EE796OfT0OZjzGs6lDitfitigXFqX6Kp
                                                                                                                                                                                                MD5:77ABE2551C7A5931B70F78962AC5A3C7
                                                                                                                                                                                                SHA1:A8BB53A505D7002DEF70C7A8788B9A2EA8A1D7BC
                                                                                                                                                                                                SHA-256:C557F0C9053301703798E01DC0F65E290B0AE69075FB49FCC0E68C14B21D87F4
                                                                                                                                                                                                SHA-512:9FE671380335804D4416E26C1E00CDED200687DB484F770EBBDB8631A9C769F0A449C661CB38F49C41463E822BEB5248E69FD63562C3D8C508154C5D64421935
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:% VERSION 2..% WARNING: this file is auto-generated; do not edit..% UNSUPPORTED: this file and its format may change and/or..% may be removed in a future release..! access-bridge-32.jar..com/sun/java/accessibility/..! access-bridge.jar..com/sun/java/accessibility/..! cldrdata.jar..sun/text..sun/util..# dnsns.jar..META-INF/services/sun.net.spi.nameservice.NameServiceDescriptor..sun/net..! jaccess.jar..com/sun/java/accessibility/..# localedata.jar..sun/text..sun/util..# nashorn.jar..jdk/nashorn..META-INF/services/javax.script.ScriptEngineFactory..jdk/internal..# sunec.jar..sun/security..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# sunjce_provider.jar..com/sun/crypto/..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# sunmscapi.jar..sun/security..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# sunpkcs11.jar..sun/security..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# zipfs.jar..META-INF/services/java.nio.file.spi.FileSystemProvider..com/sun/nio/..# jfxrt.jar..META-INF/INDEX.LIST..com/sun
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2018860
                                                                                                                                                                                                Entropy (8bit):7.9328569913001905
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:49152:fBkB7GOrPDSz0fHaIU1KDWtHkLs0amlyYu:fBkoOruSHa/4y/FmA
                                                                                                                                                                                                MD5:F3E3E7769994C69DFF6E35EF938443CA
                                                                                                                                                                                                SHA1:758F42C0A03121AD980DC98BE82DCAF790679E79
                                                                                                                                                                                                SHA-256:CF0268FF39D19876BD42BF59E2CE93BB9AA57E5EE98C212BAE0184BD87F2D35A
                                                                                                                                                                                                SHA-512:AB4801E8538B9B84124D2B8C36E64232F16DA686C5FA565C5DE2091C910806A850464F5CCC79C9320DF6F8CB943633FC38FEA63F9E0593A44E3541F15F126951
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):39771
                                                                                                                                                                                                Entropy (8bit):7.92713480980539
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:ah0EOq/w9b3jpSo40ROLB2CUrQbNVkJBtw6pcZWztpQeA4Uz7NWnZVNB3gX083/z:aJOyw9b3joo4hLB2CUr2yBw6pcMtpS44
                                                                                                                                                                                                MD5:A269905BBB9F7D02BAA24A756E7B09D7
                                                                                                                                                                                                SHA1:82A0F9C5CBC2B79BDB6CFE80487691E232B26F9C
                                                                                                                                                                                                SHA-256:E2787698D746DC25C24D3BE0FA751CEA6267F68B4E972CFC3DF4B4EAC8046245
                                                                                                                                                                                                SHA-512:496841CF49E2BF4EB146632F7D1F09EFA8F38AE99B93081AF4297A7D8412B444B9F066358F0C110D33FEA6AE60458355271D8FDCD9854C02EFB2023AF5F661F6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):279427
                                                                                                                                                                                                Entropy (8bit):7.90277234368113
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:E/Ieog0SgEOU8pqHbQpr16jWun5bT1aReAaTFMzpx2Xcpll+PrA3YaRBlLi:E/m9eJsppCLJTURe9TFMrQ0fkUK
                                                                                                                                                                                                MD5:B04074A9FC78DC1409168E1E2D139647
                                                                                                                                                                                                SHA1:54182C904A48364FC572E3A2631DF14823C29CEF
                                                                                                                                                                                                SHA-256:BFAD3FB11E7115AAF34719488551BF3205B2FAFFB38681C7F6BDAD19BB7568C2
                                                                                                                                                                                                SHA-512:E97CA3D53E867E957BF467688F83C53B2FD6FF1EA001B19F03A23096581DC8ADCEC7C1403D164D063B1A437E4BF6FA98E1543626849D4E17E31156CB012F9599
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):32699
                                                                                                                                                                                                Entropy (8bit):7.878192531974338
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:iLy1giOqjU0jNVmOTuDQJD/RpAczsikFfg0y+7aBTS73dyPoXvvKv2PtvHubyKhi:i4giOaU0jNVmOCADZpVsiUf3yua5S7t7
                                                                                                                                                                                                MD5:2249EAC4F859C7BC578AFD2F7B771249
                                                                                                                                                                                                SHA1:76BA0E08C6B3DF9FB1551F00189323DAC8FC818C
                                                                                                                                                                                                SHA-256:A0719CAE8271F918C8613FEB92A7591D0A6E7D04266F62144B2EAB7844D00C75
                                                                                                                                                                                                SHA-512:DB5415BC542F4910166163F9BA34BC33AF1D114A73D852B143B2C3E28F59270827006693D6DF460523E26516CAB351D2EE3F944D715AE86CD12D926D09F92454
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):250826
                                                                                                                                                                                                Entropy (8bit):7.951088517189604
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:dKtThM4XbBG7v3jUAbE0MEIynrI25ENN/kv1Pv:dKphM4X1G7PjlbE0MxHLbC
                                                                                                                                                                                                MD5:2E33D8F1FBEB9239C6FFC0D36DE772D1
                                                                                                                                                                                                SHA1:3F881E3B34693A96CD3D9E20D6AEABAE98757359
                                                                                                                                                                                                SHA-256:938C497E97E893D0B9325522475AD9FB2C365A4AF832ED180B570C3E4E6FD559
                                                                                                                                                                                                SHA-512:DB9A5B0F269BBFC9CB712D8BF170414D649CD72F0DEECCDC3A4D742430E2E29E203F7E462D2DF8F9EC2C82723A8A56FF8FD409CDCBE66547C798B15370B8DB65
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):68923
                                                                                                                                                                                                Entropy (8bit):7.950933538093809
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:YNSe2yN5DbD630l1MIeEfqjGWb2LU2j6rnbisZp/u:Ne2yNhDVl1leEP/qn2sZk
                                                                                                                                                                                                MD5:4D507E8D7BBF5ECEC8791CBA57B1CE17
                                                                                                                                                                                                SHA1:A66C0D4648A06B9078252D090D596C91C591AA50
                                                                                                                                                                                                SHA-256:C3993DF765AFF1068A656B28A7A4EDFFE7710AE3B6AA2EA056A6F9C3EDBDC210
                                                                                                                                                                                                SHA-512:21B4E729B16947B31657DC5F7F5C75DCDA9F94B4A0ED414E11A6D02951137AC266D605855DDDA7C21BE0200EA07530962D1ECE2FAE009EAE5F2A1A365195C995
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4005
                                                                                                                                                                                                Entropy (8bit):4.909684349537555
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:5Th0S7zmtRUioj/DUXBZZjM8mcWoe+YfVktH:5h0Iz6Uioj/YXLZjnmdoeDktH
                                                                                                                                                                                                MD5:B0CE9F297D3FEC6325C0C784072908F1
                                                                                                                                                                                                SHA1:DD778A0E5417B9B97187215FFC66D4C14F95FEF0
                                                                                                                                                                                                SHA-256:6DA00C1CBE02909DCD6A75DA51D25DBF49BFD1D779C0B8E57B12E757229FC4A8
                                                                                                                                                                                                SHA-512:4C774BCB9ADE996569C86DD46B3BDB046771AD1BCF9AABB9DB86854C83E18015CBE5DF73DA86EE98E26BA0393F548B1CC09DE60BDA4248EACC4FC833E23B8AB4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..# This properties file is used to initialize the default..# java.awt.datatransfer.SystemFlavorMap. It contains the Win32 platform-..# specific, default mappings between common Win32 Clipboard atoms and platform-..# independent MIME type strings, which will be converted into..# java.awt.datatransfer.DataFlavors...#..# These default mappings may be augmented by specifying the..#..# AWT.DnD.flavorMapFileURL ..#..# property in the appropriate awt.properties file. The specified properties URL..# will be loaded into the SystemFlavorMap...#..# The standard format is:..#..# <native>=<MIME type>..#..# <native> should be a string identifier that the native platform will..# recognize as a valid data format. <MIME type> should specify both a MIME..# primary type and a MIME subtype separated by a '/'. The MIME type may include..# parameters, where each parameter is a key/value pair separated by '=', and..# where each parameter to the MIME type is separated by a ';'...#..# Because SystemFla
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:raw G3 (Group 3) FAX
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3670
                                                                                                                                                                                                Entropy (8bit):4.40570512634857
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:IRsY7hGbXWvaBKvKY5csW4BxciETBT5Bxrws+LW/B56JF:At/vaBKvKY5fxci8jMWY
                                                                                                                                                                                                MD5:E0E5428560288E685DBFFC0D2776D4A6
                                                                                                                                                                                                SHA1:2AE70624762C163C8A1533F724AA5A511D8B208E
                                                                                                                                                                                                SHA-256:AAE23ACC42F217A63D675F930D077939765B97E9C528B5659842515CA975111F
                                                                                                                                                                                                SHA-512:C726CC2898399579AFA70ACACE86BEC4369D4541112243E51721568B4D25DCC6C66FA64AC475AFF9BA9DE07A630B24A9F221FA00426AD36845203BA809219E3C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10779
                                                                                                                                                                                                Entropy (8bit):5.217016051711063
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:Pj2TlKg7RzPc/mOHUFN5HX/rS8QbWZjjfVpMbtxp8lcR9NN:Pj6Y8NcFzXbWZjj9pSMlcz
                                                                                                                                                                                                MD5:0C1DB7410938A3634BD9928BA2F284CB
                                                                                                                                                                                                SHA1:7EE31F22136E73A2A3D0AAB279199778BAAB06F5
                                                                                                                                                                                                SHA-256:818A718788E5506EBB84F26DE82B6C60E08861876400E9ED3931346174D5D7FB
                                                                                                                                                                                                SHA-512:EE267E59564A077713856A307382D40D0D8DF8E7EC2EF930723B076F5E38446D3B2600D10AC192262F9A3A86D9973CF13A9E90D180818C05A6C7896A5BD7AD19
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..# ..# Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....# Version....version=1....# Component Font Mappings....allfonts.chinese-ms936=SimSun..allfonts.chinese-ms936-extb=SimSun-ExtB..allfonts.chinese-gb18030=SimSun-18030..allfonts.chinese-gb18030-extb=SimSun-ExtB..allfonts.chinese-hkscs=MingLiU_HKSCS..allfonts.chinese-ms950-extb=MingLiU-ExtB..allfonts.devanagari=Mangal..allfonts.dingbats=Wingdings..allfonts.lucida=Lucida Sans Regular..allfonts.symbol=Symbol..allfonts.thai=Lucida Sans Regular..allfonts.georgian=Sylfaen....serif.plain.alphabetic=Times New Roman..serif.plain.chinese-ms950=MingLiU..serif.plain.chinese-ms950-extb=MingLiU-ExtB..serif.plain.hebrew=David..serif.plain.japanese=MS Mincho..serif.plain.korean=Batang....serif.bold.alphabetic=Times New Roman Bold..serif.bold.chinese-ms950=PMingLiU..serif.bold.chinese-ms9
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc. Pat. Des 289,422.Lucida BrightDemiboldLucida Bright Dem
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):75144
                                                                                                                                                                                                Entropy (8bit):6.849420541001734
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:H8Jwt1GIlZ6l0/9tRWhc0x/YxvsTjyIDXCrGU/tlDaKAgKrTLznvzDJIZmjFA0zG:Mwtze9xQcQ/LDaKAgK3LLvzFogbFt5WD
                                                                                                                                                                                                MD5:AF0C5C24EF340AEA5CCAC002177E5C09
                                                                                                                                                                                                SHA1:B5C97F985639E19A3B712193EE48B55DDA581FD1
                                                                                                                                                                                                SHA-256:72CEE3E6DF72AD577AF49C59DCA2D0541060F95A881845950595E5614C486244
                                                                                                                                                                                                SHA-512:6CE87441E223543394B7242AC0CB63505888B503EC071BBF7DB857B5C935B855719B818090305E17C1197DE882CCC90612FB1E0A0E5D2731F264C663EB8DA3F9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc.Lucida BrightDemibold ItalicLucida Bright Demibold Itali
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):75124
                                                                                                                                                                                                Entropy (8bit):6.805969666701276
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:lww80sTGzcKHwxWL0T+qHi/sbA06PoNORsr5sOnD0OyuusGa7bs4J:lwL0i97WL0T+qHA9cOR05FD0Oyup74w
                                                                                                                                                                                                MD5:793AE1AB32085C8DE36541BB6B30DA7C
                                                                                                                                                                                                SHA1:1FD1F757FEBF3E5F5FBB7FBF7A56587A40D57DE7
                                                                                                                                                                                                SHA-256:895C5262CDB6297C13725515F849ED70609DBD7C49974A382E8BBFE4A3D75F8C
                                                                                                                                                                                                SHA-512:A92ADDD0163F6D81C3AEABD63FF5C293E71A323F4AEDFB404F6F1CDE7F84C2A995A30DFEC84A9CAF8FFAF8E274EDD0D7822E6AABB2B0608696A360CABFC866C6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc. Pat. Des 289,773.Lucida BrightItalicLucida Bright Itali
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):80856
                                                                                                                                                                                                Entropy (8bit):6.821405620058844
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:jw9ESkPFybxWj1V7zbPUoOPjp85rFqXpLboVklDNTc2Wt:jwZO0xWPTU7l85rFYpLbott
                                                                                                                                                                                                MD5:4D666869C97CDB9E1381A393FFE50A3A
                                                                                                                                                                                                SHA1:AA5C037865C563726ECD63D61CA26443589BE425
                                                                                                                                                                                                SHA-256:D68819A70B60FF68CA945EF5AD358C31829E43EC25024A99D17174C626575E06
                                                                                                                                                                                                SHA-512:1D1F61E371E4A667C90C2CE315024AE6168E47FE8A5C02244DBF3DF26E8AC79F2355AC7E36D4A81D82C52149197892DAED1B4C19241575256BB4541F8B126AE2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc. Pat. Des 289,421.Lucida BrightRegularLucida Bright Regu
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):344908
                                                                                                                                                                                                Entropy (8bit):6.939775499317555
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:oBfQeUG2CCTufrmOufymM8hvFHp277tS9iZFYSATxNm:oNQ3vCCTcaFNJw7tSgYS82
                                                                                                                                                                                                MD5:630A6FA16C414F3DE6110E46717AAD53
                                                                                                                                                                                                SHA1:5D7ED564791C900A8786936930BA99385653139C
                                                                                                                                                                                                SHA-256:0FAAACA3C730857D3E50FBA1BBAD4CA2330ADD217B35E22B7E67F02809FAC923
                                                                                                                                                                                                SHA-512:0B7CDE0FACE982B5867AEBFB92918404ADAC7FB351A9D47DCD9FE86C441CACA4DD4EC22E36B61025092220C0A8730D292DA31E9CAFD7808C56CDBF34ECD05035
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:TrueType Font data, 15 tables, 1st "LTSH", 19 names, Macintosh, Copyright (c) 1999, 2001 by Bigelow & Holmes Inc. Pat. Des. 289,420.Lucida SansDemiboldLucida Sa
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):317896
                                                                                                                                                                                                Entropy (8bit):6.869598480468745
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:R5OO1ZjNDE7/MsTJ30otegK4zJwz3UhG5jXsrg2HLzYv7cf0R7o7+WX/ov2DG:bOO11CEo9xzJwljXsrhHQ7cMuX/16
                                                                                                                                                                                                MD5:5DD099908B722236AA0C0047C56E5AF2
                                                                                                                                                                                                SHA1:92B79FEFC35E96190250C602A8FED85276B32A95
                                                                                                                                                                                                SHA-256:53773357D739F89BC10087AB2A829BA057649784A9ACBFFEE18A488B2DCCB9EE
                                                                                                                                                                                                SHA-512:440534EB2076004BEA66CF9AC2CE2B37C10FBF5CC5E0DD8B8A8EDEA25E3613CE8A59FFCB2500F60528BBF871FF37F1D0A3C60396BC740CCDB4324177C38BE97A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:TrueType Font data, 18 tables, 1st "GDEF", 19 names, Macintosh, Copyright (c) 1999 by Bigelow & Holmes Inc. Pat. Des. 289,420.Lucida SansRegularLucida Sans Regu
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):698236
                                                                                                                                                                                                Entropy (8bit):6.892888039120645
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:6obn11t7t7DxT+3+OQ64cctiOAq12ZX/DmfT6R83Sd8uvx7wSnyER4ky+SH/KPKQ:6oTJZzHniOAZ783Sd8uvx7wSnyER4kyI
                                                                                                                                                                                                MD5:B75309B925371B38997DF1B25C1EA508
                                                                                                                                                                                                SHA1:39CC8BCB8D4A71D4657FC92EF0B9F4E3E9E67ADD
                                                                                                                                                                                                SHA-256:F8D877B0B64600E736DFE436753E8E11ACB022E59B5D7723D7D221D81DC2FCDE
                                                                                                                                                                                                SHA-512:9C792EF3116833C90103F27CFD26A175AB1EB11286959F77062893A2E15DE44D79B27E5C47694CBBA734CC05A9A5BEFA72E991C7D60EAB1495AAC14C5CAD901D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:TrueType Font data, 13 tables, 1st "OS/2", 16 names, Macintosh, Copyright (c) 1999, 2001 by Bigelow & Holmes Inc.Lucida Sans TypewriterBoldLucida Sans Typewrite
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):234068
                                                                                                                                                                                                Entropy (8bit):6.901545053424004
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:3BPS7w5KIMtYwqcO3GbA4MJcs2ME9UGQ2n9gM/oD:xVMtgcGGPMJcs4b9gM/4
                                                                                                                                                                                                MD5:A0C96AA334F1AEAA799773DB3E6CBA9C
                                                                                                                                                                                                SHA1:A5DA2EB49448F461470387C939F0E69119310E0B
                                                                                                                                                                                                SHA-256:FC908259013B90F1CBC597A510C6DD7855BF9E7830ABE3FC3612AB4092EDCDE2
                                                                                                                                                                                                SHA-512:A43CF773A42B4CEBF4170A6C94060EA2602D2D7FA7F6500F69758A20DC5CC3ED1793C7CEB9B44CE8640721CA919D2EF7F9568C5AF58BA6E3CF88EAE19A95E796
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:TrueType Font data, 13 tables, 1st "OS/2", 16 names, Macintosh, Copyright (c) 1999 by Bigelow & Holmes Inc.Lucida Sans TypewriterRegularLucida Sans Typewriter R
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):242700
                                                                                                                                                                                                Entropy (8bit):6.936925430880877
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:VwzZsJcCrn271g+UGFDUnrrHqMyBtlc3+fzx5R1zeqZdDgfSkecUfEDpEXzSyPMx:GWcCrn2C46Ak+naqaucYEDpEX3gZoO9
                                                                                                                                                                                                MD5:C1397E8D6E6ABCD727C71FCA2132E218
                                                                                                                                                                                                SHA1:C144DCAFE4FAF2E79CFD74D8134A631F30234DB1
                                                                                                                                                                                                SHA-256:D9D0AAB0354C3856DF81AFAC49BDC586E930A77428CB499007DDE99ED31152FF
                                                                                                                                                                                                SHA-512:DA70826793C7023E61F272D37E2CC2983449F26926746605C550E9D614ACBF618F73D03D0C6351B9537703B05007CD822E42E6DC74423CB5CC736B31458D33B1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14331
                                                                                                                                                                                                Entropy (8bit):3.512673497574481
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:W6Zh/3dzz8XIrN2r1CdaqRWtHwBWgvw0Jy/ArUsJzu0HI:W6jhGIwxCdaqWQBWgvw0JyorBJzu0o
                                                                                                                                                                                                MD5:6E378235FB49F30C9580686BA8A787AA
                                                                                                                                                                                                SHA1:2FC76D9D615A35244133FC01AB7381BA49B0B149
                                                                                                                                                                                                SHA-256:B4A0C0A98624C48A801D8EA071EC4A3D582826AC9637478814591BC6EA259D4A
                                                                                                                                                                                                SHA-512:58558A1F8D9D3D6F0E21B1269313FD6AC9A80A93CC093A5E8CDEC495855FCD2FC95A6B54FE59E714E89D9274654BB9C1CD887B3FB9D4B9D9C50E5C5983C571B8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..# This properties file defines a Hijrah calendar variant...#..# Fields:..#..# <version> ::= 'version' '=' <version string>..# <id> ::= 'id' '=' <id string>..# <type> ::= 'type' '=' <type string>..# <iso-start> ::= 'iso-start' '=' <start date in the ISO calendar>..# <year> ::= <yyyy> '=' <nn nn nn nn nn nn nn nn nn nn nn nn>..#..# version ... (Required)..#..# id ... (Required)..# Identifies the Java Chronology..#..# type ... (Required)..# Identifies the type of calendar in the standard calendar ID scheme..# iso-start ... (Required)..# Specifies the corresponding ISO date to the first Hijrah day..# in the defined range of dates..#..# year ... (Required)..# Number of days for each month of a Hijrah year..# * Each line defines a ye
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):657
                                                                                                                                                                                                Entropy (8bit):4.993355967240905
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:QcwmIzDpneoeoeoeoeoeoeoeoeoeoeoeoeoeoeoeoeoeoeoe9B7aEiwoXH3Eoe4Q:QhDpemaoXHIB5foMS1JUqf07f
                                                                                                                                                                                                MD5:9FD47C1A487B79A12E90E7506469477B
                                                                                                                                                                                                SHA1:7814DF0FF2EA1827C75DCD73844CA7F025998CC6
                                                                                                                                                                                                SHA-256:A73AEA3074360CF62ADEDC0C82BC9C0C36C6A777C70DA6C544D0FBA7B2D8529E
                                                                                                                                                                                                SHA-512:97B9D4C68AC4B534F86EFA9AF947763EE61AEE6086581D96CBF7B3DBD6FD5D9DB4B4D16772DCE6F347B44085CEF8A6EA3BFD3B84FBD9D4EF763CEF39255FBCE3
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..# List of JVMs that can be used as an option to java, javac, etc...# Order is important -- first in this list is the default JVM...# NOTE that this both this file and its format are UNSUPPORTED and..# WILL GO AWAY in a future release...#..# You may also select a JVM in an arbitrary location with the..# "-XXaltjvm=<jvm_dir>" option, but that too is unsupported..# and may not be available in a future release...#..-client KNOWN..-server KNOWN..
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1320
                                                                                                                                                                                                Entropy (8bit):5.02145006262851
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:n3lG0Bf4dJ0qEAmG620WKG0WBph8T2AGjGg0kz8lrbfOi7:3E0Bf4qrzrlWzy+ckUfP
                                                                                                                                                                                                MD5:01B94C63BD5E6D094E84FF3AD640FFBF
                                                                                                                                                                                                SHA1:5570F355456250B1EC902375B0257584DB2360AE
                                                                                                                                                                                                SHA-256:52845DEB58038B4375C30B75DD2053726872758C96597C7CC5D6CEF11F42A2BA
                                                                                                                                                                                                SHA-512:816BE2271CF3ECF10EE40E24A288CE302B2810010BEF76EFC0CE5746591955921B70F19005335F485D61A7B216DCCE0B06750831720DD426D07709154D5FAC7A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..#..# Cursors Properties file..#..# Names GIF89 sources for Custom Cursors and their associated HotSpots..#..# Note: the syntax of the property name is significant and is parsed..# by java.awt.Cursor..#..# The syntax is: Cursor.<name>.<geom>.File=win32_<filename>..# Cursor.<name>.<geom>.HotSpot=<x>,<y>..#. Cursor.<name>.<geom>.Name=<localized name>..#..Cursor.CopyDrop.32x32.File=win32_CopyDrop32x32.gif..Cursor.CopyDrop.32x32.HotSpot=0,0..Cursor.CopyDrop.32x32.Name=CopyDrop32x32..#..Cursor.MoveDrop.32x32.File=win32_MoveDrop32x32.gif..Cursor.MoveDrop.32x32.HotSpot=0,0..Cursor.MoveDrop.32x32.Name=MoveDrop32x32..#..Cursor.LinkDrop.32x32.File=win32_LinkDrop32x32.gif..Cursor.LinkDrop.32x32.HotSpot=0,0..Cursor.LinkDrop.32x32.Name=LinkDrop32x32..#..Cursor.CopyNoDrop.32x32.File=win32_CopyNoDrop32x32.gif..Cursor.CopyNoDrop.32x32.HotSpot=6,2..Cursor.CopyNoDrop.32x32.Name=CopyNoDrop32x32..#..Cursor.MoveNoDrop.32x32.File=win32_MoveNoDrop32x32.gif..Cursor.MoveNoDrop.32x32.Ho
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):153
                                                                                                                                                                                                Entropy (8bit):6.2813106319833665
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                                                                                                                                MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                                                                                                                                SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                                                                                                                                SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                                                                                                                                SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:GIF image data, version 89a, 31 x 32
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):165
                                                                                                                                                                                                Entropy (8bit):6.347455736310776
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:CruuU/XExlHrBwM7Qt/wCvTjh2Azr8ptBNKtWwUzJ7Ful5u44JyYChWn:KP0URwMcx3UAzADBNwUlBul5TLYMWn
                                                                                                                                                                                                MD5:89CDF623E11AAF0407328FD3ADA32C07
                                                                                                                                                                                                SHA1:AE813939F9A52E7B59927F531CE8757636FF8082
                                                                                                                                                                                                SHA-256:13C783ACD580DF27207DABCCB10B3F0C14674560A23943AC7233DF7F72D4E49D
                                                                                                                                                                                                SHA-512:2A35311D7DB5466697D7284DE75BABEE9BD0F0E2B20543332FCB6813F06DEBF2457A9C0CF569449C37F371BFEB0D81FB0D219E82B9A77ACC6BAFA07499EAC2F7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):153
                                                                                                                                                                                                Entropy (8bit):6.2813106319833665
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                                                                                                                                MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                                                                                                                                SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                                                                                                                                SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                                                                                                                                SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:GIF image data, version 89a, 31 x 32
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):168
                                                                                                                                                                                                Entropy (8bit):6.465243369905675
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:CruuU/XExlHrZauowM7Qt/wCvTjh2Azr8ptBNKtWwUzJZmQYRNbC1MIQvEn:KP0UpawMcx3UAzADBNwUlZaCzn
                                                                                                                                                                                                MD5:694A59EFDE0648F49FA448A46C4D8948
                                                                                                                                                                                                SHA1:4B3843CBD4F112A90D112A37957684C843D68E83
                                                                                                                                                                                                SHA-256:485CBE5C5144CFCD13CC6D701CDAB96E4A6F8660CBC70A0A58F1B7916BE64198
                                                                                                                                                                                                SHA-512:CF2DFD500AF64B63CC080151BC5B9DE59EDB99F0E31676056CF1AFBC9D6E2E5AF18DC40E393E043BBBBCB26F42D425AF71CCE6D283E838E67E61D826ED6ECD27
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):153
                                                                                                                                                                                                Entropy (8bit):6.2813106319833665
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                                                                                                                                MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                                                                                                                                SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                                                                                                                                SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                                                                                                                                SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:GIF image data, version 89a, 31 x 32
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):147
                                                                                                                                                                                                Entropy (8bit):6.147949937659802
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:CruuU/XExlHrSauZKwM7Qt/wCvTjh2Azr8ptBNKtWXOh6WoXt2W:KP0UvEKwMcx3UAzADBNXOh6h9p
                                                                                                                                                                                                MD5:CC8DD9AB7DDF6EFA2F3B8BCFA31115C0
                                                                                                                                                                                                SHA1:1333F489AC0506D7DC98656A515FEEB6E87E27F9
                                                                                                                                                                                                SHA-256:12CFCE05229DBA939CE13375D65CA7D303CE87851AE15539C02F11D1DC824338
                                                                                                                                                                                                SHA-512:9857B329ACD0DB45EA8C16E945B4CFA6DF9445A1EF457E4B8B40740720E8C658301FC3AB8BDD242B7697A65AE1436FD444F1968BD29DA6A89725CDDE1DE387B8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):153
                                                                                                                                                                                                Entropy (8bit):6.2813106319833665
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                                                                                                                                MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                                                                                                                                SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                                                                                                                                SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                                                                                                                                SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):58
                                                                                                                                                                                                Entropy (8bit):4.4779965120705425
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:CEBqRM9LTAGQdLV6ETEBqRM9LHQIuHPy:CEAsnAbLlszQdy
                                                                                                                                                                                                MD5:3C2B9CCAAD3D986E5874E8C0F82C37CF
                                                                                                                                                                                                SHA1:D1DDA4A2D5D37249C8878437DBF36C6AE61C33D1
                                                                                                                                                                                                SHA-256:D5BCD7D43E383D33B904CFF6C80ACE359DBE2CE2796E51E9743358BD650E4198
                                                                                                                                                                                                SHA-512:4350CCA847D214479C6AE430EB71EE98A220EA10EC175D0AB317A8B43ABC9B4054E41D0FF383F26D593DE825F761FB93704E37292831900F31E5E38167A41BAB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:javafx.runtime.version=8.0.101..javafx.runtime.build=b13..
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):476286
                                                                                                                                                                                                Entropy (8bit):7.905283162751186
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:k4VtaECp5plmgYhuWvHuR9Ta/+Aw7okxygk+W:kUChlHYHMaHw7XxW
                                                                                                                                                                                                MD5:5D8C1723F3005BD63DBA2B478CE15621
                                                                                                                                                                                                SHA1:AB26A6167789DCF81A0C40D121DC91005804C703
                                                                                                                                                                                                SHA-256:B637B78CFC33C92D4838D5FABFD0647CE03C3EF69D86EF6A7E6F229510AAF3B5
                                                                                                                                                                                                SHA-512:9830CCDFE913A492BB4E0015EE3E729BEA8EC1F22EDF48ED7CE2AEFD5376DF24F33948B9155E31EDFA9BC240544406FD2C43A34DD1366E4936B3318D3CA5ED1C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:PK...........H................META-INF/....PK...........H...7Z...e.......META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.C.q,HL.HU...%...y...R.KRSt.*...L....u....4....sR......K..5y.x..PK...........H................com/PK...........H................com/sun/PK...........H................com/sun/javaws/PK...........H................com/sun/javaws/exceptions/PK...........H................com/sun/javaws/jnl/PK...........H................com/sun/javaws/net/PK...........H................com/sun/javaws/net/protocol/PK...........H............ ...com/sun/javaws/net/protocol/jar/PK...........H................com/sun/javaws/progress/PK...........H................com/sun/javaws/security/PK...........H................com/sun/javaws/ui/PK...........H................com/sun/javaws/util/PK...........H................com/sun/jnlp/PK...........H................javax/PK...........H................javax/jnlp/PK...........H~p4=........#...com/sun/javaws/BrowserSupport.class.RMO.1.}...].H @.|.|(...P..B.....
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):114950
                                                                                                                                                                                                Entropy (8bit):7.912507028584016
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:5sNJO+ylt6se6sgU0w/XzGYWuSy15DudYLSfaxwpt5g1naZEqwoJ8sYcF+z/VSG8:aj8GHXZSy1pudYLdQe1ATtKVS+ws9O
                                                                                                                                                                                                MD5:A39F61D6ED2585519D7AF1E2EA029F59
                                                                                                                                                                                                SHA1:52515AC6DEAB634F3495FD724DEA643EE442B8FD
                                                                                                                                                                                                SHA-256:60724D9E372FBE42759349A06D3426380CA2B9162FA01EB2C3587A58A34AD7E0
                                                                                                                                                                                                SHA-512:AC2E9AB749F5365BE0FB8EBD321E8F231D22EAE396053745F047FCBCCF8D3DE2F737D3C37A52C715ADDFBDBD18F14809E8B37B382B018B58A76E063EFBA96948
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):560553
                                                                                                                                                                                                Entropy (8bit):5.781566946934384
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:G5l+qU67FYWg+YWgYWeoXqgYSq8eh2f/m5NwaHkSIJHvWQ6Q7ooMcgH5lY7TQ5cD:G5l+qU67FYWg+YWgYWeoXqgYSq8eh2f3
                                                                                                                                                                                                MD5:CCB395235C35C3ACBA592B21138CC6AB
                                                                                                                                                                                                SHA1:29C463AA4780F13E77FB08CC151F68CA2B2958D5
                                                                                                                                                                                                SHA-256:27AD8EA5192EE2D91BA7A0EACE9843CB19F5E145259466158C2F48C971EB7B8F
                                                                                                                                                                                                SHA-512:D4C330741387F62DD6E52B41167CB11ABD8615675FE7E1C14AE05A52F87A348CBC64B56866AE313B2906B33CE98BE73681F769A4A54F6FE9A7D056F88CF9A4E1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:PK........t..H................META-INF/....PK........t..H.s0>...>.......META-INF/MANIFEST.MFManifest-Version: 1.0..Implementation-Vendor: Oracle Corporation..Implementation-Title: Java Runtime Environment..Implementation-Version: 1.8.0_101..Specification-Vendor: Oracle Corporation..Created-By: 1.7.0_07 (Oracle Corporation)..Specification-Title: Java Platform API Specification..Specification-Version: 1.8....PK...........HB.<>^...^...8...com/oracle/jrockit/jfr/client/EventSettingsBuilder.class.......4....5.f..g....f..4.h..4.i..j....f..4.k..l....m..4.n..o....f..4.p..q..r....f....s....t....u....v..w..x..y....z..{....|....}....~.................................#.........................)...................................................eventDefaultSets...Ljava/util/ArrayList;...Signature..DLjava/util/ArrayList<Loracle/jrockit/jfr/settings/EventDefaultSet;>;...settings..ALjava/util/ArrayList<Loracle/jrockit/jfr/settings/EventSetting;>;...eventDescriptorType..2Loracle/jrockit/jfr/openmbean/
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):20670
                                                                                                                                                                                                Entropy (8bit):4.627043889535612
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:VOMjUVCEM0Ut0ZINFWbqsZSwOVzx8xyxxxbAJ1muS7khPdyPsXZd2ZhptEgReW82:VONVTVgF9SsTMLA
                                                                                                                                                                                                MD5:47495DA4E7B3AF33F5C3ED1E35AC25AE
                                                                                                                                                                                                SHA1:F6DE88A4C6AE0C14B9F875FB4BC4721A104CB0EE
                                                                                                                                                                                                SHA-256:37D19EAC73DEEB613FBB539AE7E7C99339939EB3EFEC44E9EB45F68426E9F159
                                                                                                                                                                                                SHA-512:74DBEB118575B8881D5B43270EF878162DBDC222AC6D20F04699B2B733427347ABC76D6E82BF7728FCC435129B114E4C75D011FC5DDDEAF5A59E137BBC81F2B9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8"?>.... .. Recommended way to edit .jfc files is to use Java Mission Control,.. see Window -> Flight Recorder Template Manager...-->....<configuration version="1.0" name="Continuous" description="Low overhead configuration safe for continuous use in production environments, typically less than 1 % overhead." provider="Oracle">.... <producer uri="http://www.oracle.com/hotspot/jvm/" label="Oracle JDK">.... <control>.... .. Contents of the control element is not read by the JVM, it's used.. by Java Mission Control to change settings that carry the control attribute... -->.... <selection name="gc-level" default="detailed" label="Garbage Collector">.. <option label="Off" name="off">off</option>.. <option label="Normal" name="detailed">normal</option>.. <option label="All" name="all">all</option>.. </selection>.... <condition name="gc-enabled-normal" true="true" false="fals
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):20626
                                                                                                                                                                                                Entropy (8bit):4.626761353117893
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:VeMjUECOwMsUt0ZINFWbqeZSwOVza8ayaxabAJ1duSikhPdyPsXZd2ZhptEgReWL:VeNEg/gF/ZnixLy
                                                                                                                                                                                                MD5:5480BEF2CA99090857E5CBF225C12A78
                                                                                                                                                                                                SHA1:E1F73CA807EC14941656FBE3DB6E5E5D9032041D
                                                                                                                                                                                                SHA-256:5FB0982C99D6BF258335FB43AAAE91919804C573DFD87B51E05C54ADB3C0392B
                                                                                                                                                                                                SHA-512:65FE0D6DA17E62CF29875910EB84D57BC5BB667C753369B4F810028C0995E63C322FAD2EB99658B6C19E11E8D2A40CB11B3C09943EB9C0B88F45626579ECE058
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8"?>.... .. Recommended way to edit .jfc files is to use Java Mission Control,.. see Window -> Flight Recorder Template Manager...-->....<configuration version="1.0" name="Profiling" description="Low overhead configuration for profiling, typically around 2 % overhead." provider="Oracle">.... <producer uri="http://www.oracle.com/hotspot/jvm/" label="Oracle JDK">.... <control>.... .. Contents of the control element is not read by the JVM, it's used.. by Java Mission Control to change settings that carry the control attribute... -->.... <selection name="gc-level" default="detailed" label="Garbage Collector">.. <option label="Off" name="off">off</option>.. <option label="Normal" name="detailed">normal</option>.. <option label="All" name="all">all</option>.. </selection>.... <condition name="gc-enabled-normal" true="true" false="false">.. <or>.. <test name="
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):33932
                                                                                                                                                                                                Entropy (8bit):7.930702746433849
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:xYJfTGikW6VajSe/SA5vN9kqizE48ojVxQYuW+t:xY5TpkK/nFNIzptjVxYHt
                                                                                                                                                                                                MD5:C401E00A5DE0DD9723885CEF9E2F5A44
                                                                                                                                                                                                SHA1:B6735B93811517F062A20869D8A0B57FAEFF6A90
                                                                                                                                                                                                SHA-256:C6574F4763696F2A83028DE143D9ED1C975062BA2D44CC5C91558751FB84BCD6
                                                                                                                                                                                                SHA-512:595B950AD5BFF930654BF7FB996BA222D19B4F175821AB0FD6EC4F54D4B7D62B37757429051D1302BC438AB76350B4CD0A07BA712CAECC79DCDB0C60494B5AB2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):633957
                                                                                                                                                                                                Entropy (8bit):6.018176262975427
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:ABoQeW0HKwYGORU+ehqEmke1WEAibVR0GPs4j8GgflXhuuMAjYDTj:Uo40WGdNmpb3DP75
                                                                                                                                                                                                MD5:FD1434C81219C385F30B07E33CEF9F30
                                                                                                                                                                                                SHA1:0B5EE897864C8605EF69F66DFE1E15729CFCBC59
                                                                                                                                                                                                SHA-256:BC3A736E08E68ACE28C68B0621DCCFB76C1063BD28D7BD8FCE7B20E7B7526CC5
                                                                                                                                                                                                SHA-512:9A778A3843744F1FABAD960AA22880D37C30B1CAB29E123170D853C9469DC54A81E81A9070E1DE1BF63BA527C332BB2B1F1D872907F3BDCE33A6898A02FEF22D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:PK........u..H................META-INF/....PK........u..H.s0>...>.......META-INF/MANIFEST.MFManifest-Version: 1.0..Implementation-Vendor: Oracle Corporation..Implementation-Title: Java Runtime Environment..Implementation-Version: 1.8.0_101..Specification-Vendor: Oracle Corporation..Created-By: 1.7.0_07 (Oracle Corporation)..Specification-Title: Java Platform API Specification..Specification-Version: 1.8....
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Algol 68 source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4312
                                                                                                                                                                                                Entropy (8bit):4.756104846669624
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:6VprYJmprYJD9Y3t3qFKPG7hLxVJgdTsfbFfcwQoPv:6HrsursD9Y3t36KPG7HyoBQoX
                                                                                                                                                                                                MD5:AD91D69A4129D31D72FBE288FF967943
                                                                                                                                                                                                SHA1:CB510AFCDBECEA3538C3F841C0440194573DBB65
                                                                                                                                                                                                SHA-256:235A50D958FAEDDE808D071705A6D603F97611F568EEC40D7444984B984A4B18
                                                                                                                                                                                                SHA-512:600BEE4676D26E2CE5B9171582540021509A4D7888C9C7BADC14F0FAD07007E4CE2B4C007A8EB15BD0D977722B8B34442012EA972FFBD72797475A56CDFD86EE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Copyright (c) 2003, 2005, Oracle and/or its affiliates. All rights reserved.....Redistribution and use in source and binary forms, with or without..modification, are permitted provided that the following conditions..are met:.... - Redistributions of source code must retain the above copyright.. notice, this list of conditions and the following disclaimer..... - Redistributions in binary form must reproduce the above copyright.. notice, this list of conditions and the following disclaimer in the.. documentation and/or other materials provided with the distribution..... - Neither the name of Oracle nor the names of its.. contributors may be used to endorse or promote products derived.. from this software without specific prior written permission.....THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS..IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,..THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR..PURP
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2514
                                                                                                                                                                                                Entropy (8bit):4.525846572478507
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:/GXieQT8cg6ZGBjn4stbaWUwO61xFMxO9:OXieW8nBjn4x613Mw9
                                                                                                                                                                                                MD5:0AA5D5EFDB4F2B92BEBBEB4160AA808B
                                                                                                                                                                                                SHA1:C6F1B311A4D0790AF8C16C1CA9599D043BA99E90
                                                                                                                                                                                                SHA-256:A3148336160EA7EF451052D1F435F7C9D96EEB738105AC730358EDADA5BD45A2
                                                                                                                                                                                                SHA-512:A52C2B784CF0B01A2AF3066F4BB8E7FD890A86CFD82359A22266341942A25333D4C63BA2C02AA43ADE872357FC9C8BBC60D311B2AF2AD2634D60377A2294AFDD
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:############################################################..# .Default Logging Configuration File..#..# You can use a different file by specifying a filename..# with the java.util.logging.config.file system property. ..# For example java -Djava.util.logging.config.file=myfile..############################################################....############################################################..# .Global properties..############################################################....# "handlers" specifies a comma separated list of log Handler ..# classes. These handlers will be installed during VM startup...# Note that these classes must be on the system classpath...# By default we only configure a ConsoleHandler, which will only..# show messages at the INFO and above levels...handlers= java.util.logging.ConsoleHandler....# To also add the FileHandler, use the following line instead...#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler....# Default global
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):381
                                                                                                                                                                                                Entropy (8bit):4.99308306420453
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6:5ji0B4r/Rjiszbdy/oocj+sqX2K5YZ5/CUMQxxi6m4xijgxmzbdGh/4:5ji0GJjiIq1cCvXPA/CUMQxoeocx2K/4
                                                                                                                                                                                                MD5:B608D45DCDD7A4CAD6A63A89A002F683
                                                                                                                                                                                                SHA1:F6E3BB7050C3B1A3BED9B33122C4A98E6B9A810D
                                                                                                                                                                                                SHA-256:52CA96531445B437DCA524CB3714FCD8D70221D37A6B9C80F816713C3040DD0A
                                                                                                                                                                                                SHA-512:407E7CA807826F0E41B085BCA0F54F0134E3B9AC16FA5480EDE02774067DAD46AA07D225BA2981DEC2A7297EA57721EAB8C54E8BED83D352EC6C00ABFDBBF626
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4077
                                                                                                                                                                                                Entropy (8bit):4.472483528668558
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:eii7cSoFKfgCe/D4dtQN+wvohSoVGPbPvRZUIpeDMy:eiiISokfXeEk+wQhnMPbnRZR7y
                                                                                                                                                                                                MD5:41B36D832BE39A3CF0F3D7760E55FDCB
                                                                                                                                                                                                SHA1:E706E9BE75604A13DFCC5A96B1720A544D76348B
                                                                                                                                                                                                SHA-256:71A930CBE577CBABB4269650C98D227F739E0D4B9C0B44830DD3D52F5015BE1F
                                                                                                                                                                                                SHA-512:41E6B8639C1CEB3D09D2FDEEEBA89FFA17C4ED8B1AD0DF1E5AB46C4BF178688D5504DC5A3C854226F7DA23DFA0EDAB0D035D6B56495829F43AAA2A7BABEC4273
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:######################################################################..# Default Access Control File for Remote JMX(TM) Monitoring..######################################################################..#..# Access control file for Remote JMX API access to monitoring...# This file defines the allowed access for different roles. The..# password file (jmxremote.password by default) defines the roles and their..# passwords. To be functional, a role must have an entry in..# both the password and the access files...#..# The default location of this file is $JRE/lib/management/jmxremote.access..# You can specify an alternate location by specifying a property in ..# the management config file $JRE/lib/management/management.properties..# (See that file for details)..#..# The file format for password and access files is syntactically the same..# as the Properties file format. The syntax is described in the Javadoc..# for java.util.Properties.load...# A typical access file has multiple
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2920
                                                                                                                                                                                                Entropy (8bit):4.545881645777106
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:MRSflLrmpop7JN/PgP8KAeoYsnZyhNMVJKWfVStEqwP0pba:Mkv7ngUZYsnRnfYdhE
                                                                                                                                                                                                MD5:5DD28AAF5A06C946DF7B223F33482FDF
                                                                                                                                                                                                SHA1:D09118D402CA3BA625B165ECACE863466D7F4CE9
                                                                                                                                                                                                SHA-256:24674176A4C0E5EEFB9285691764EA06585D90BBDAF5BF40C4220DE7CA3E3175
                                                                                                                                                                                                SHA-512:13C6F37E969A5AECE2B2F938FA8EBF6A72C0C173678A026E77C35871E4AE89404585FB1A3516AE2CA336FC47EAB1F3DD2009123ADBA9C437CD76BA654401CBDF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# ----------------------------------------------------------------------..# Template for jmxremote.password..#..# o Copy this template to jmxremote.password..# o Set the user/password entries in jmxremote.password..# o Change the permission of jmxremote.password to read-only..# by the owner...#..# See below for the location of jmxremote.password file...# ----------------------------------------------------------------------....##############################################################..# Password File for Remote JMX Monitoring..##############################################################..#..# Password file for Remote JMX API access to monitoring. This..# file defines the different roles and their passwords. The access..# control file (jmxremote.access by default) defines the allowed..# access for each role. To be functional, a role must have an entry..# in both the password and the access files...#..# Default location of this file is $JRE/lib/management/jmx
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14415
                                                                                                                                                                                                Entropy (8bit):4.623139916889837
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:PLrOKIXaIr8Jzc90OEqfmdbHHHN6pDIdpgzri:PLrOKIXaIgYiOE0mdbHHHNGD4p0+
                                                                                                                                                                                                MD5:054E093240388F0322604619EF643F18
                                                                                                                                                                                                SHA1:6E110C2A5D813013E9C57700BE8B0D17896E950C
                                                                                                                                                                                                SHA-256:BF41D73EAB0DA8222FE24255E1BBF68327FB02B1A4F1E7A81B9C7B539033FFB2
                                                                                                                                                                                                SHA-512:BD60C6271CDEFFFF4563E6E2CF97C176D86F160092D1FFCBE7EEFE714BA75DDC5FB4E848A5FDBE7A1D1510720D92AF6A176A76DE2CC599F27E4BEAE8E692C5D3
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#####################################################################..#.Default Configuration File for Java Platform Management..#####################################################################..#..# The Management Configuration file (in java.util.Properties format)..# will be read if one of the following system properties is set:..# -Dcom.sun.management.jmxremote.port=<port-number>..# or -Dcom.sun.management.snmp.port=<port-number>..# or -Dcom.sun.management.config.file=<this-file>..#..# The default Management Configuration file is:..#..# $JRE/lib/management/management.properties..#..# Another location for the Management Configuration File can be specified..# by the following property on the Java command line:..#..# -Dcom.sun.management.config.file=<this-file>..#..# If -Dcom.sun.management.config.file=<this-file> is set, the port..# number for the management agent can be specified in the config file..# using the following lines:..#..# ################ Management Agen
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3486
                                                                                                                                                                                                Entropy (8bit):4.4357861198752975
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:MlXHR6+76EX0o8KA0Esns+ek2OrRC9AUE4T7AKQi2r8BKS3GpPsDu0cpUxJAJKk3:M9HRb7l0FAEsnJKmS32X00h
                                                                                                                                                                                                MD5:9D9EC1BB9E357BBFB72B077E4AF5F63F
                                                                                                                                                                                                SHA1:6484B03DBE9687216429D3A6F916773C060E15CE
                                                                                                                                                                                                SHA-256:8B02A29BC61B0F7203DF7CA94140F80D2C6A1138064E0441DFD621CF243A0339
                                                                                                                                                                                                SHA-512:5FE39BBFCA806CE45871A6223D80FA731EFAA5D31C3B97EE055AB77EAF3833342945F39E9858335D9DD358B4B7F984FFADE741452E19B60B8E510AA74AC02C00
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# ----------------------------------------------------------------------..# Template for SNMP Access Control List File..#..# o Copy this template to snmp.acl..# o Set access control for SNMP support..# o Change the permission of snmp.acl to be read-only..# by the owner...#..# See below for the location of snmp.acl file...# ----------------------------------------------------------------------....############################################################..# SNMP Access Control List File ..############################################################..#..# Default location of this file is $JRE/lib/management/snmp.acl...# You can specify an alternate location by specifying a property in ..# the management config file $JRE/lib/management/management.properties..# or by specifying a system property (See that file for details)...#......##############################################################..# File permissions of the snmp.acl file..######################
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2126
                                                                                                                                                                                                Entropy (8bit):4.970874214349507
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:EE796OfeCiuG2M5tP5iMmC5KOAY2HQii+r4IzteKk:EnEiuGJbP5lmC5KOA3HQii+EIz8Kk
                                                                                                                                                                                                MD5:91AA6EA7320140F30379F758D626E59D
                                                                                                                                                                                                SHA1:3BE2FEBE28723B1033CCDAA110EAF59BBD6D1F96
                                                                                                                                                                                                SHA-256:4AF21954CDF398D1EAE795B6886CA2581DAC9F2F1D41C98C6ED9B5DBC3E3C1D4
                                                                                                                                                                                                SHA-512:03428803F1D644D89EB4C0DCBDEA93ACAAC366D35FC1356CCABF83473F4FEF7924EDB771E44C721103CEC22D94A179F092D1BFD1C0A62130F076EB82A826D7CB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:% VERSION 2..% WARNING: this file is auto-generated; do not edit..% UNSUPPORTED: this file and its format may change and/or..% may be removed in a future release..# charsets.jar..sun/nio..sun/awt..# jce.jar..javax/crypto..sun/security..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# jfr.jar..oracle/jrockit/..jdk/jfr..com/oracle/jrockit/..! jsse.jar..sun/security..com/sun/net/..! management-agent.jar..@ resources.jar..com/sun/java/util/jar/pack/..META-INF/services/sun.util.spi.XmlPropertiesProvider..META-INF/services/javax.print.PrintServiceLookup..com/sun/corba/..META-INF/services/javax.sound.midi.spi.SoundbankReader..sun/print..META-INF/services/javax.sound.midi.spi.MidiFileReader..META-INF/services/sun.java2d.cmm.CMMServiceProvider..javax/swing..META-INF/services/javax.sound.sampled.spi.AudioFileReader..META-INF/services/javax.sound.midi.spi.MidiDeviceProvider..sun/net..META-INF/services/javax.sound.sampled.spi.AudioFileWriter..com/sun/imageio/..META-INF/services/sun.java2d.pipe.Ren
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3144
                                                                                                                                                                                                Entropy (8bit):4.858724831876285
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:VBnTRxiW1nTbXMROXX6zcjd6vEzcoZDTzcj8L0zccfbb6wB:VBnvisPMQ6z+zPVzv0zVfvT
                                                                                                                                                                                                MD5:1CBB261944925044B1EE119DC0563D05
                                                                                                                                                                                                SHA1:05F2F63047F4D82F37DFA59153309E53CAA4675C
                                                                                                                                                                                                SHA-256:5BAF75BDD504B2C80FF5B98F929A16B04E9CB06AA8AAE30C144B5B40FEBE0906
                                                                                                                                                                                                SHA-512:C964A92BE25BACF11D20B61365930CAB28517D164D9AE4997651E2B715AA65628E45FA4BD236CCD507C65E5D85A470FD165F207F446186D22AE4BD46A04006E6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:############################################################..# .Default Networking Configuration File..#..# This file may contain default values for the networking system properties...# These values are only used when the system properties are not specified..# on the command line or set programatically...# For now, only the various proxy settings can be configured here...############################################################....# Whether or not the DefaultProxySelector will default to System Proxy..# settings when they do exist...# Set it to 'true' to enable this feature and check for platform..# specific proxy settings..# Note that the system properties that do explicitely set proxies..# (like http.proxyHost) do take precedence over the system settings..# even if java.net.useSystemProxies is set to true... ..java.net.useSystemProxies=false....#------------------------------------------------------------------------..# Proxy configuration for the various protocol handlers...# D
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1012097
                                                                                                                                                                                                Entropy (8bit):7.896417877823185
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:q7jNpf26MPAMSL/wxSz2ijt2eejo+oV3vv:6NVZEaL4xSljt2eHNV3
                                                                                                                                                                                                MD5:54EF6C22FAAAE5850091031763078D37
                                                                                                                                                                                                SHA1:11D40B78BB606E245CB5E17C6DDB08193A34B40E
                                                                                                                                                                                                SHA-256:654B033B1DC315EB9806F0D35ABAF3F25064AC806292ACB2BD818F6B2DF2AD07
                                                                                                                                                                                                SHA-512:10998B6508D5571E1ECE2001C6E561169D3DBD7580A3DE439067D1195FBE85E6BD1729A0874E306234391AF963E1B062050276E1AC0E9C9FA289711738B41B31
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:PK........!..H................META-INF/....PK........ ..H...7Z...e.......META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.C.q,HL.HU...%...y...R.KRSt.*...L....u....4....sR......K..5y.x..PK...........H................com/PK...........H................com/sun/PK...........H................com/sun/deploy/PK...........H................com/sun/deploy/uitoolkit/PK...........H................com/sun/deploy/uitoolkit/impl/PK........!..H............"...com/sun/deploy/uitoolkit/impl/awt/PK...........H............#...com/sun/deploy/uitoolkit/impl/text/PK...........H................com/sun/deploy/uitoolkit/ui/PK...........H................com/sun/java/PK...........H................com/sun/java/browser/PK...........H................com/sun/java/browser/plugin2/PK...........H............)...com/sun/java/browser/plugin2/liveconnect/PK...........H............,...com/sun/java/browser/plugin2/liveconnect/v1/PK...........H................netscape/PK...........H................netscape/javascript/PK.........
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2915
                                                                                                                                                                                                Entropy (8bit):5.2172692442941075
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:GgQv18IsTJvuUdEt6u7KeblbhGwQEvzZIE+i+WEi+Iq4fNSg2kv:Gb6Xha1hFGwQEvdh+5g2kv
                                                                                                                                                                                                MD5:A38587427E422D55B012FA3E5C9436D2
                                                                                                                                                                                                SHA1:7BD1B81B39DA78124BE045507E0681E860921DBB
                                                                                                                                                                                                SHA-256:D2C47DE948033ED836B375CCD518CF55333FE11C4CED56BC1CE2FF62114CF546
                                                                                                                                                                                                SHA-512:EA6CA975E9308ED2B3BBCCE91EE61142DAB0067CE8F17CB469929F6136E6B4A968BAC838141D8B38866F9EF5E15E156400859CCCC84FB114214E19556F0DC636
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..#..# Copyright (c) 1996, 2000, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....#..#.Japanese PostScript printer property file..#..font.num=16..#..serif=serif..timesroman=serif..sansserif=sansserif..helvetica=sansserif..monospaced=monospaced..courier=monospaced..dialog=sansserif..dialoginput=monospaced..#..serif.latin1.plain=Times-Roman..serif.latin1.italic=Times-Italic..serif.latin1.bolditalic=Times-BoldItalic..serif.latin1.bold=Times-Bold..#..sansserif.latin1.plain=Helvetica..sansserif.latin1.italic=Helvetica-Oblique..sansserif.latin1.bolditalic=Helvetica-BoldOblique..sansserif.latin1.bold=Helvetica-Bold..#..monospaced.latin1.plain=Courier..monospaced.latin1.italic=Courier-Oblique..monospaced.latin1.bolditalic=Courier-BoldOblique..monospaced.latin1.bold=Courier-Bold..#..serif.x11jis0208.plain=Ryumin-Light-H..serif.x11jis0208.italic=Ryumin-Light-H
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10716
                                                                                                                                                                                                Entropy (8bit):5.016037435830914
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:Jp22HdiEUEdWUcPeJ7fbdHmcbiLMWNDyZcy57ha1xh3qvfRdIdyJkW:u2HdiEUEdGY1gbD9TKdIdyJkW
                                                                                                                                                                                                MD5:66B3E6770C291FE8CD3240FFBB00DC47
                                                                                                                                                                                                SHA1:88CE9D723A2D4A07FD2032A8B4A742FE323EEC8F
                                                                                                                                                                                                SHA-256:7EA6E05D3B8B51D03C3D6548E709C220541DF0F1AEE2E69B9101C9F051F7C17A
                                                                                                                                                                                                SHA-512:D1B99AA011568AFFA415758C986B427588AE87FE5EB7FC52D519F7167AD46BBFF8B62799F14D8DBC7C55DEB6FF7259445D6E8882CC781D61206ED1B79B688745
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..#..# Copyright (c) 1999, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....#..#.PostScript printer property file for Java 2D printing...#..# WARNING: This is an internal implementation file, not a public file...# Any customisation or reliance on the existence of this file and its..# contents or syntax is discouraged and unsupported...# It may be incompatibly changed or removed without any notice...#..#..font.num=35..#..# Legacy logical font family names and logical font aliases should all..# map to the primary logical font names...#..serif=serif..times=serif..timesroman=serif..sansserif=sansserif..helvetica=sansserif..dialog=sansserif..dialoginput=monospaced..monospaced=monospaced..courier=monospaced..#..# Next, physical fonts which can be safely mapped to standard postscript fonts..# These keys generally map to a value which is the same as the key, so
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3490933
                                                                                                                                                                                                Entropy (8bit):6.067002853185717
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:49152:WX4zfeUcKDQ1toKXiO3fLxqhH3YRazQwIK7XgnyRMvMtMm55HopLKbtJzUkMkOBV:GL
                                                                                                                                                                                                MD5:9A084B91667E7437574236CD27B7C688
                                                                                                                                                                                                SHA1:D8926CC4AA12D6FE9ABE64C8C3CB8BC0F594C5B1
                                                                                                                                                                                                SHA-256:A1366A75454FC0F1CA5A14EA03B4927BB8584D6D5B402DFA453122AE16DBF22D
                                                                                                                                                                                                SHA-512:D603AA29E1F6EEFFF4B15C7EBC8A0FA18E090D2E1147D56FD80581C7404EE1CB9D6972FCF2BD0CB24926B3AF4DFC5BE9BCE1FE018681F22A38ADAA278BF22D73
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:PK...........H................META-INF/....PK...........H.s0>...>.......META-INF/MANIFEST.MFManifest-Version: 1.0..Implementation-Vendor: Oracle Corporation..Implementation-Title: Java Runtime Environment..Implementation-Version: 1.8.0_101..Specification-Vendor: Oracle Corporation..Created-By: 1.7.0_07 (Oracle Corporation)..Specification-Title: Java Platform API Specification..Specification-Version: 1.8....PK...........H....$...$.......META-INF/mailcap.default#.# This is a very simple 'mailcap' file.#.image/gif;;..x-java-view=com.sun.activation.viewers.ImageViewer.image/jpeg;;..x-java-view=com.sun.activation.viewers.ImageViewer.text/*;;..x-java-view=com.sun.activation.viewers.TextViewer.text/*;;..x-java-edit=com.sun.activation.viewers.TextEditor.PK...........H..{~2...2.......META-INF/mimetypes.default#.# A simple, old format, mime.types file.#.text/html..html htm HTML HTM.text/plain..txt text TXT TEXT.image/gif..gif GIF.image/ief..ief.image/jpeg..jpeg jpg jpe JPG.image/tiff..tiff tif.
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):63602929
                                                                                                                                                                                                Entropy (8bit):5.963369315504544
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:786432:WyfysbZyGp7g85KKwcl0HeJgyll3LTjjA:F0GZTjjA
                                                                                                                                                                                                MD5:EDB5B5B3EF4565E4E86BFFE647FB1AA2
                                                                                                                                                                                                SHA1:11F5B1B2D729309059B1BD1FE2922251D9451D5F
                                                                                                                                                                                                SHA-256:D00351BD39DE7DBF9E9FDBB9EE1FD82189189F9BC82E988B58E1E950D1D4BDC8
                                                                                                                                                                                                SHA-512:05E7F9ED915610B70664EB7CB68F3F0BBA5BD5CF208BBDB54007DA5FF6311A6DDBBF057E0DF5A346C9042333C29E5C766B2C0A686628F8655C2E75061A9179C1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:PK...........H................META-INF/....PK...........H.5.%...%.......META-INF/MANIFEST.MFManifest-Version: 1.0..Implementation-Vendor: Oracle Corporation..Implementation-Title: Java Runtime Environment..Implementation-Version: 1.8.0_101..Specification-Vendor: Oracle Corporation..Created-By: 1.7.0_07 (Oracle Corporation)..Specification-Title: Java Platform API Specification..Specification-Version: 1.8....Name: javax/swing/JCheckBoxMenuItem.class..Java-Bean: True....Name: javax/swing/JDialog.class..Java-Bean: True....Name: javax/swing/JSlider.class..Java-Bean: True....Name: javax/swing/JTextField.class..Java-Bean: True....Name: javax/swing/JTextPane.class..Java-Bean: True....Name: javax/swing/JTextArea.class..Java-Bean: True....Name: javax/swing/JList.class..Java-Bean: True....Name: javax/swing/JFormattedTextField.class..Java-Bean: True....Name: javax/swing/JApplet.class..Java-Bean: True....Name: javax/swing/JSpinner.class..Java-Bean: True....Name: javax/swing/JLabel.class..Java-Bean
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3026
                                                                                                                                                                                                Entropy (8bit):7.48902128028383
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:9JJweDY2LXQ4lAAldrou1YgH767KWajaHpwrHZt0H9BRJgfHilVVt2+HZ:PCcY26Iou1YgHqK3WJGeHn8fH4VVttHZ
                                                                                                                                                                                                MD5:EE4ED9C75A1AAA04DFD192382C57900C
                                                                                                                                                                                                SHA1:7D69EA3B385BC067738520F1B5C549E1084BE285
                                                                                                                                                                                                SHA-256:90012F900CF749A0E52A0775966EF575D390AD46388C49D512838983A554A870
                                                                                                                                                                                                SHA-512:EAE6A23D2FD7002A55465844E662D7A5E3ED5A6A8BAF7317897E59A92A4B806DD26F2A19B7C05984745050B4FE3FFA30646A19C0F08451440E415F958204137C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4149
                                                                                                                                                                                                Entropy (8bit):5.816047466650347
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:ubCHVyxwEyPEtpuVFWny6NnXjekkMDV6kiPVNXvNhtfx5e6NgyufTMBwtBsv5XHs:ubCHVyxwEyPEtpuV8ny6NnX6kkMDV6kL
                                                                                                                                                                                                MD5:3F5DC1D941E8356CCD04454AC0A7A7D2
                                                                                                                                                                                                SHA1:3698F9AFD870C7959E2D8A0DA0A97B4475554831
                                                                                                                                                                                                SHA-256:C48D57D64ED98F8F174A4F6873F536AE03B41A63F67079D7C2F7140950A1C02E
                                                                                                                                                                                                SHA-512:65319A4EF150884F7E67C6F96085A996C9B32DCF9A539C4EB7AF77B1B46CDD90F1E83446F33DA14467EA37D0628C9411323F5C3D3CEFCF03CBDFA186EEB2BD3C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# JNLPAppletLauncher applet-launcher.jar
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1273
                                                                                                                                                                                                Entropy (8bit):4.167014768533289
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:NPwGDO0uFVW0mSDEYMZ9HWYZj4bJCC8lCEQqkvZq1n4v3CYe:NPrDJuF4oMyYZj4h8lCENq2+e
                                                                                                                                                                                                MD5:BBEBCF13680E71EC2EE562524DA02660
                                                                                                                                                                                                SHA1:C5C005C29A80493F5C31CD7EB629AC1B9C752404
                                                                                                                                                                                                SHA-256:1FBEA394E634630894CF72DE02DF1846F32F3BB2067B3CB596700E4DD923F4B5
                                                                                                                                                                                                SHA-512:B686236EEE055C97A96F5E31A2EE7CE57EED04C2175235CEB19F9F56ABFD22DB6FDCADE8C5D4BA7B656D69E923A1C5844C06DC959A4A915E215FB0ACE377B114
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Algorithm=SHA-256
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Java KeyStore
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):112860
                                                                                                                                                                                                Entropy (8bit):7.58405956263152
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:knYlyRHbLD1Syx011lYcdSmjbDKuaG8QlpzHok0SeHX:knYlyRHrq5dbeO9pLD0SiX
                                                                                                                                                                                                MD5:A2C167C8E0F275B234CB2C2E943781C7
                                                                                                                                                                                                SHA1:2A6B5FBC476EA3A5DDFB4BF1F6CDF0C4DA843BB1
                                                                                                                                                                                                SHA-256:A9263831583DFD58BC3584AA0B13E6CDE43403FB82093329B47BB65A8C701AFB
                                                                                                                                                                                                SHA-512:8A0C2240C603210AE963C6A126D19BF51659FDED2228503BBF2A2662CCB73B0F9E18C020C9E5E2F3449E2F4F0006D68FE15C8FD5D91DEE8A1A6B42A49183BEAA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2515
                                                                                                                                                                                                Entropy (8bit):4.490054643169131
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:nWjF29ShnQUQH2Hvh4ic1mo6wv1PdOpGLSYLHoQLZQ/1rJ+fSA:n+4AQWxc1tgAFH
                                                                                                                                                                                                MD5:EC90FD04C2890584A16EB24664050C2A
                                                                                                                                                                                                SHA1:C7FE062EAC95909EC6A5EA93F42DDA5E023AD82C
                                                                                                                                                                                                SHA-256:CED51E3926E6B0CFEC8ECAB3B15D296FDCFAE4D32046224814AAAB5FD0FED9C0
                                                                                                                                                                                                SHA-512:8DA494925B3B5AAE69A30A8B5F9732E64EDBAE39C968229D112185E349C410A0F5D1B281A4E44718E0120E910820B15CA878B2ED1CF905DFC6595F1BA34B85D3
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:..// Standard extensions get all permissions by default....grant codeBase "file:${{java.ext.dirs}}/*" {.. permission java.security.AllPermission;..};....// default permissions granted to all domains....grant {.. // Allows any thread to stop itself using the java.lang.Thread.stop().. // method that takes no argument... // Note that this permission is granted by default only to remain.. // backwards compatible... // It is strongly recommended that you either remove this permission.. // from this policy file or further restrict it to code sources.. // that you specify, because Thread.stop() is potentially unsafe... // See the API specification of java.lang.Thread.stop() for more.. // information... permission java.lang.RuntimePermission "stopThread";.... // allows anyone to listen on dynamic ports.. permission java.net.SocketPermission "localhost:0", "listen";.... // "standard" properies that
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):27033
                                                                                                                                                                                                Entropy (8bit):4.840685151784295
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:rmLHAEcqrlANbwbqL1AdLAHaPw2kqUTWip+fzIz:rWQaYFqUTWip0kz
                                                                                                                                                                                                MD5:409C132FE4EA4ABE9E5EB5A48A385B61
                                                                                                                                                                                                SHA1:446D68298BE43EB657934552D656FA9AE240F2A2
                                                                                                                                                                                                SHA-256:4D9E5A12B8CAC8B36ECD88468B1C4018BC83C97EB467141901F90358D146A583
                                                                                                                                                                                                SHA-512:7FED286AC9AED03E2DAE24C3864EDBBF812B65965C7173CC56CE622179EB5F872F77116275E96E1D52D1C58D3CDEBE4E82B540B968E95D5DA656AA74AD17400D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..# This is the "master security properties file"...#..# An alternate java.security properties file may be specified..# from the command line via the system property..#..# -Djava.security.properties=<URL>..#..# This properties file appends to the master security properties file...# If both properties files specify values for the same key, the value..# from the command-line properties file is selected, as it is the last..# one loaded...#..# Also, if you specify..#..# -Djava.security.properties==<URL> (2 equals),..#..# then that properties file completely overrides the master security..# properties file...#..# To disable the ability to specify an additional properties file from..# the command line, set the key security.overridePropertiesFile..# to false in the master security properties file. It is set to true..# by default.....# In this file, various security properties are set for use by..# java.security classes. This is where users can statically register..# Cryptography Packag
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):103
                                                                                                                                                                                                Entropy (8bit):4.802539000066613
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:RSjGIWgjM0ePFUNaXsIGNDAPVnyzowv:RS6c2PFUsXsIrRqoa
                                                                                                                                                                                                MD5:E0C4EF8B210C0DDFEE01126E1ACA4280
                                                                                                                                                                                                SHA1:F1CC674F447045D668454996D5C3C188884762CD
                                                                                                                                                                                                SHA-256:E5CD7F9FD43084674AA749BC8301F28DE85EEF6D01BD78828F72FA32377A3368
                                                                                                                                                                                                SHA-512:4820074F15520AD099193B27A673499C31544A7279279EFCB6131D53FE997438A96E1C5B386C233385004F7A2FBB775D4CDE3C0272A196B54C0D8EE6CCEF43DF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:..grant codeBase "file:${jnlpx.home}/javaws.jar" {.. permission java.security.AllPermission;..};....
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3527
                                                                                                                                                                                                Entropy (8bit):7.521709350514316
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:XWlvuYcIou1YgHqK3WwGjIEwtR88fH4VVKZ:sutuyOqKmw0QtRpH4VVKZ
                                                                                                                                                                                                MD5:57AAAA3176DC28FC554EF0906D01041A
                                                                                                                                                                                                SHA1:238B8826E110F58ACB2E1959773B0A577CD4D569
                                                                                                                                                                                                SHA-256:B8BECC3EF2E7FF7D2165DD1A4E13B9C59FD626F20A26AF9A32277C1F4B5D5BC7
                                                                                                                                                                                                SHA-512:8704B5E3665F28D1A0BC2A063F4BC07BA3C7CD8611E06C0D636A91D5EA55F63E85C6D2AD49E5D8ECE267D43CA3800B3CD09CF369841C94D30692EB715BB0098E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1249
                                                                                                                                                                                                Entropy (8bit):4.735634480139973
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:AJx/wzjJQO1YfK4pPq8Ul6GyGLCKDJ9w5lAu9aEVjEcGuc8X3A0LlmPOiMA0L9UV:w/61sppNUl6GbLCOMlmEOucA3e2s/WW
                                                                                                                                                                                                MD5:BB63293B1207CB8608C5FBE089A1B06D
                                                                                                                                                                                                SHA1:96A0FA723AF939C22AE25B164771319D82BC033B
                                                                                                                                                                                                SHA-256:633015AD63728DFE7A51BF26E55B766DD3E935F1FCCCFFA8054BF6E158EA89B2
                                                                                                                                                                                                SHA-512:0042DEBE4A77DA997A75A294A0C48D19AED258EEB3CD723FD305037DF11F0A5073A92CC54967B8B541E1AFC912F36481D0B0F68477B8156E52E15093722B7C32
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:############################################################..# Sound Configuration File..############################################################..#..# This properties file is used to specify default service..# providers for javax.sound.midi.MidiSystem and..# javax.sound.sampled.AudioSystem...#..# The following keys are recognized by MidiSystem methods:..#..# javax.sound.midi.Receiver..# javax.sound.midi.Sequencer..# javax.sound.midi.Synthesizer..# javax.sound.midi.Transmitter..#..# The following keys are recognized by AudioSystem methods:..#..# javax.sound.sampled.Clip..# javax.sound.sampled.Port..# javax.sound.sampled.SourceDataLine..# javax.sound.sampled.TargetDataLine..#..# The values specify the full class name of the service..# provider, or the device name...#..# See the class descriptions for details...#..# Example 1:..# Use MyDeviceProvider as default for SourceDataLines:..# javax.sound.sampled.SourceDataLine=com.xyz.MyDeviceProvider..#..# Example 2:..# Speci
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):103910
                                                                                                                                                                                                Entropy (8bit):7.113278604363908
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:OcQWmFKJzLl2g6kpE7tdTMBB/////t97Taz69rU4y/uqmol7s2gK:Oyh3F27/qGzkrfy/uqllQ2gK
                                                                                                                                                                                                MD5:5A7F416BD764E4A0C2DEB976B1D04B7B
                                                                                                                                                                                                SHA1:E12754541A58D7687DEDA517CDDA14B897FF4400
                                                                                                                                                                                                SHA-256:A636AFA5EDBA8AA0944836793537D9C5B5CA0091CCC3741FC0823EDAE8697C9D
                                                                                                                                                                                                SHA-512:3AB2AD86832B98F8E5E1CE1C1B3FFEFA3C3D00B592EB1858E4A10FFF88D1A74DA81AD24C7EC82615C398192F976A1C15358FCE9451AA0AF9E65FB566731D6D8F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:...TZDB....2016d.S..Africa/Abidjan..Africa/Accra..Africa/Addis_Ababa..Africa/Algiers..Africa/Asmara..Africa/Asmera..Africa/Bamako..Africa/Bangui..Africa/Banjul..Africa/Bissau..Africa/Blantyre..Africa/Brazzaville..Africa/Bujumbura..Africa/Cairo..Africa/Casablanca..Africa/Ceuta..Africa/Conakry..Africa/Dakar..Africa/Dar_es_Salaam..Africa/Djibouti..Africa/Douala..Africa/El_Aaiun..Africa/Freetown..Africa/Gaborone..Africa/Harare..Africa/Johannesburg..Africa/Juba..Africa/Kampala..Africa/Khartoum..Africa/Kigali..Africa/Kinshasa..Africa/Lagos..Africa/Libreville..Africa/Lome..Africa/Luanda..Africa/Lubumbashi..Africa/Lusaka..Africa/Malabo..Africa/Maputo..Africa/Maseru..Africa/Mbabane..Africa/Mogadishu..Africa/Monrovia..Africa/Nairobi..Africa/Ndjamena..Africa/Niamey..Africa/Nouakchott..Africa/Ouagadougou..Africa/Porto-Novo..Africa/Sao_Tome..Africa/Timbuktu..Africa/Tripoli..Africa/Tunis..Africa/Windhoek..America/Adak..America/Anchorage..America/Anguilla..America/Antigua..America/Araguaina..America/
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8602
                                                                                                                                                                                                Entropy (8bit):5.204166069367786
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:j1kfcymkDvxeMmKg5GQEK2TtllXinSV29OHPQT:hhymk/QGT7YT
                                                                                                                                                                                                MD5:B8DD8953B143685B5E91ABEB13FF24F0
                                                                                                                                                                                                SHA1:B5CEB39061FCE39BB9D7A0176049A6E2600C419C
                                                                                                                                                                                                SHA-256:3D49B3F2761C70F15057DA48ABE35A59B43D91FA4922BE137C0022851B1CA272
                                                                                                                                                                                                SHA-512:C9CD0EB1BA203C170F8196CBAB1AAA067BCC86F2E52D0BAF979AAD370EDF9F773E19F430777A5A1C66EFE1EC3046F9BC82165ACCE3E3D1B8AE5879BD92F09C90
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..# This file describes mapping information between Windows and Java..# time zones...# Format: Each line should include a colon separated fields of Windows..# time zone registry key, time zone mapID, locale (which is most..# likely used in the time zone), and Java time zone ID. Blank lines..# and lines that start with '#' are ignored. Data lines must be sorted..# by mapID (ASCII order)...#..# NOTE..# This table format is not a public interface of any Java..# platforms. No applications should depend on this file in any form...#..# This table has been generated by a program and should not be edited..# manually...#..Romance:-1,64::Europe/Paris:..Romance Standard Time:-1,64::Europe/Paris:..Warsaw:-1,65::Europe/Warsaw:..Central Europe:-1,66::Europe/Prague:..Central Europe Standard Time:-1,66::Europe/Prague:..Prague Bratislava:-1,66::Europe/Prague:..W. Central Africa Standard Time:-1,66:AO:Africa/Luanda:..FLE:-1,67:FI:Europe/Helsinki:..FLE Standard Time:-1,67:FI:E
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:ASCII text, with very long lines (427), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                Entropy (8bit):5.416086012521588
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:GEKkc58IOlBVAQEjy2IM0oPP1RVtc8fFVKeiIdGIVIPJvq1RUbDcz:GEK7586QY/0oPtRb2TqySRUkz
                                                                                                                                                                                                MD5:A61B1E3FE507D37F0D2F3ADD5AC691E0
                                                                                                                                                                                                SHA1:8AE1050FF466B8F024EED5BC067B87784F19A848
                                                                                                                                                                                                SHA-256:F9E84B54CF0D8CB0645E0D89BF47ED74C88AF98AC5BF9CCF3ACCB1A824F7DC3A
                                                                                                                                                                                                SHA-512:3E88A839E44241AE642D0F9B7000D80BE7CF4BD003A9E2F9F04A4FEB61EC4877B2B4E76151503184F4B9978894BA1D0DE034DBC5F2E51C31B3ABB24F0EACF0C7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:JAVA_VERSION="1.8.0_101"..OS_NAME="Windows"..OS_VERSION="5.1"..OS_ARCH="i586"..SOURCE=" .:e983a19c6439 corba:2bb2aec4b3e5 deploy:2390a2618e98 hotspot:77df35b662ed hotspot/make/closed:40ee8a558775 hotspot/src/closed:710cffeb3c01 hotspot/test/closed:d6cfbcb20a1e install:68eb511e9151 jaxp:8ee36eca2124 jaxws:287f9e9d45cc jdk:827b2350d7f8 jdk/make/closed:53a5d48a69b0 jdk/src/closed:06c649fef4a8 jdk/test/closed:556c76f337b9 langtools:8dc8f71216bf nashorn:44e4e6cbe15b pubs:388b7b93b2c0 sponsors:1b72bbdb30d6"..BUILD_TYPE="commercial"..
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):247787
                                                                                                                                                                                                Entropy (8bit):7.915391305945515
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:p+30cnH7ihlQT+uRm0C/vL7cvRurEQ9oTo4/1pC:p+3VnYo+WkvsJuApo4/1k
                                                                                                                                                                                                MD5:F5AD16C7F0338B541978B0430D51DC83
                                                                                                                                                                                                SHA1:2EA49E08B876BBD33E0A7CE75C8F371D29E1F10A
                                                                                                                                                                                                SHA-256:7FBFFBC1DB3422E2101689FD88DF8384B15817B52B9B2B267B9F6D2511DC198D
                                                                                                                                                                                                SHA-512:82E6749F4A6956F5B8DD5A5596CA170A1B7FF4E551714B56A293E6B8C7B092CBEC2BEC9DC0D9503404DEB8F175CBB1DED2E856C6BC829411C8ED311C1861336A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):810999
                                                                                                                                                                                                Entropy (8bit):7.990303165823132
                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                SSDEEP:12288:QqmXSKYGix710RyjEBJT0qB8xjOWfWUMveOteWsjJFh/bn3LCBTFuZMHdiL8Oeu3:GSJJp0RiUJdBUKYzjJFhT3NM9g/wy
                                                                                                                                                                                                MD5:A7D4A2C9D18CCE513F87DC37BC7A1A8A
                                                                                                                                                                                                SHA1:955E2F8C1CC657D7A2F49FA455AF8658F3AA9F80
                                                                                                                                                                                                SHA-256:17C18AF34D0EBB18D1FDC4B5E4A72463DDBA0DE6D221576B06B40D6DB3E0ECEA
                                                                                                                                                                                                SHA-512:FD0C444B4EBFEDC01D2950017CF3A3A8435CFCBA603C01A1A8151D4C5AB7B2EB0561FC1E5928FB34968F7DBE70BC2E225C7ACE811846815295AC6B4EBCBE730F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:PK..........$Y................META-INF/....PK..........$Yc..\...h.......META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.C.q,HL.HU...%-..y...R.KRSt.*A.-......u....4....sR......K..h.r.r..PK..........$Y.................packages/PK..........$Y................action/PK..........$Y................behaviour/PK..........$Y................behaviour/custom/PK..........$Y................bundle/PK..........$Y................bundle/jurl/PK..........$Y................bundle/windows/PK..........$Y................bundle/windows/api/PK..........$Y................bundle/windows/result/PK..........$Y................bundle/zip/PK..........$Y................facade/PK..........$Y................installer/PK..........$Y................installer/forms/PK..........$Y................installer/modules/PK..........$Y................php/PK..........$Y................php/compress/PK..........$Y................php/framework/PK..........$Y................php/gui/PK..........$Y................php/gui/framework/PK.....
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):13202
                                                                                                                                                                                                Entropy (8bit):7.737712617961208
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:LhR1Ygxt7I20RiT2dI03cIH8W6Bc4/kyOLZAy0ZH6AfkA8sFayhbD3D3KRe:1RNRI24AKBcW6BIyYreXf/iyhPD3KU
                                                                                                                                                                                                MD5:3E5E8CCCFF7FF343CBFE22588E569256
                                                                                                                                                                                                SHA1:66756DAA182672BFF27E453EED585325D8CC2A7A
                                                                                                                                                                                                SHA-256:0F26584763EF1C5EC07D1F310F0B6504BC17732F04E37F4EB101338803BE0DC4
                                                                                                                                                                                                SHA-512:8EA5F31E25C3C48EE21C51ABE9146EE2A270D603788EC47176C16ACAC15DAD608EEF4FA8CA0F34A1BBC6475C29E348BD62B0328E73D2E1071AAA745818867522
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):231952
                                                                                                                                                                                                Entropy (8bit):7.8987047381149225
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:2DiL6hR+wm60gqZjJhqo2M04r7bv1XMrMxw1rl1rwj+Bmd6dYBmkW1eIjEmFdbl6:bq0jSi2Qi1B1Cay6dYBUwmPxLe3
                                                                                                                                                                                                MD5:5134A2350F58890FFB9DB0B40047195D
                                                                                                                                                                                                SHA1:751F548C85FA49F330CECBB1875893F971B33C4E
                                                                                                                                                                                                SHA-256:2D43EB5EA9E133D2EE2405CC14F5EE08951B8361302FDD93494A3A997B508D32
                                                                                                                                                                                                SHA-512:C3CDAF66A99E6336ABC80FF23374F6B62AC95AB2AE874C9075805E91D849B18E3F620CC202B4978FC92B73D98DE96089C8714B1DD096B2AE1958CFA085715F7A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):106006
                                                                                                                                                                                                Entropy (8bit):7.823795646704166
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:CPj4aLCBcnn4xGrpR7H30x4VTNVNM43QHt0msLiWzO5SQJn4494m75CYl3U:ETCBmnoCptBNNVNzQ6e5SQW494mlZ2
                                                                                                                                                                                                MD5:0C8768CDEB3E894798F80465E0219C05
                                                                                                                                                                                                SHA1:C4DA07AC93E4E547748ECC26B633D3DB5B81CE47
                                                                                                                                                                                                SHA-256:15F36830124FC7389E312CF228B952024A8CE8601BF5C4DF806BC395D47DB669
                                                                                                                                                                                                SHA-512:35DB507A3918093B529547E991AB6C1643A96258FC95BA1EA7665FF762B0B8ABB1EF732B3854663A947EFFE505BE667BD2609FFCCCB6409A66DF605F971DA106
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):475905
                                                                                                                                                                                                Entropy (8bit):7.8713354167151675
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:pyfuv+DnikW2IfqFXKzNGNyyRmfD4vCgdiRST:pLWDnid2IfZGAyAfczdig
                                                                                                                                                                                                MD5:7E5E3D6D352025BD7F093C2D7F9B21AB
                                                                                                                                                                                                SHA1:AD9BFC2C3D70C574D34A752C5D0EBCC43A046C57
                                                                                                                                                                                                SHA-256:5B37E8FF2850A4CBB02F9F02391E9F07285B4E0667F7E4B2D4515B78E699735A
                                                                                                                                                                                                SHA-512:C19C29F8AD8B6BEB3EED40AB7DC343468A4CA75D49F1D0D4EA0B4A5CEE33F745893FBA764D35C8BD157F7842268E0716B1EB4B8B26DCF888FB3B3F4314844AAD
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17374
                                                                                                                                                                                                Entropy (8bit):7.682654493549437
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:Paj1PXNyyQwsCxm7VXh3il27I8pdo63XNrqlY3ylWn4iczt3Z:e1/BQwsCxIVXhuF8pKaXNdXn4icz9Z
                                                                                                                                                                                                MD5:B50E2C75F5F0E1094E997DE8A2A2D0CA
                                                                                                                                                                                                SHA1:D789EB689C091536EA6A01764BADA387841264CB
                                                                                                                                                                                                SHA-256:CF4068EBB5ECD47ADEC92AFBA943AEA4EB2FEE40871330D064B69770CCCB9E23
                                                                                                                                                                                                SHA-512:57D8AC613805EDADA6AEBA7B55417FD7D41C93913C56C4C2C1A8E8A28BBB7A05AADE6E02B70A798A078DC3C747967DA242C6922B342209874F3CAF7312670CB0
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):704689
                                                                                                                                                                                                Entropy (8bit):7.834558665203789
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:sSn9gd/GXLtKb+Ozu5idmEfcHOPJZ7bw1kXn0yZLJZsDDpJSWB5qSEhQ:sMw/GXUb+euCVIOxRQIZOnuK
                                                                                                                                                                                                MD5:6696368A09C7F8FED4EA92C4E5238CEE
                                                                                                                                                                                                SHA1:F89C282E557D1207AFD7158B82721C3D425736A7
                                                                                                                                                                                                SHA-256:C25D7A7B8F0715729BCCB817E345F0FDD668DD4799C8DAB1A4DB3D6A37E7E3E4
                                                                                                                                                                                                SHA-512:0AB24F07F956E3CDCD9D09C3AA4677FF60B70D7A48E7179A02E4FF9C0D2C7A1FC51624C3C8A5D892644E9F36F84F7AAF4AA6D2C9E1C291C88B3CFF7568D54F76
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17135
                                                                                                                                                                                                Entropy (8bit):7.7352982443766
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:fSw3uFslDvQGOoqdoUFKgvXj9jmHo5+FejOcEDffWPvy:KwJlrQGOdoUFKgvTmn6y
                                                                                                                                                                                                MD5:FDE38932B12FC063451AF6613D4470CC
                                                                                                                                                                                                SHA1:BC08C114681A3AFC05FB8C0470776C3EAE2EEFEB
                                                                                                                                                                                                SHA-256:9967EA3C3D1AEE8DB5A723F714FBA38D2FC26D8553435AB0E1D4E123CD211830
                                                                                                                                                                                                SHA-512:0F211F81101CED5FFF466F2AAB0E6C807BB18B23BC4928FE664C60653C99FA81B34EDF5835FCC3AFFB34B0DF1FA61C73A621DF41355E4D82131F94FCC0B0E839
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1177648
                                                                                                                                                                                                Entropy (8bit):7.91949701328009
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:cP4MBZrpGi4exQ9qdXVd/F/3yy7mgviLzIM:czHMi4eKCd/BzaLcM
                                                                                                                                                                                                MD5:D5EF47C915BEF65A63D364F5CF7CD467
                                                                                                                                                                                                SHA1:F711F3846E144DDDBFB31597C0C165BA8ADF8D6B
                                                                                                                                                                                                SHA-256:9C287472408857301594F8F7BDA108457F6FDAE6E25C87EC88DBF3012E5A98B6
                                                                                                                                                                                                SHA-512:04AEB956BFCD3BD23B540F9AD2D4110BB2FFD25FE899152C4B2E782DAA23A676DF9507078ECF1BFC409DDFBE2858AB4C4C324F431E45D8234E13905EB192BAE8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):20151
                                                                                                                                                                                                Entropy (8bit):7.765220504812666
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:dti5BMxSo4LgAAsJilYcmwPbEM0Av7wGkJXbhS1OaVKD6U2:DqoCgqyIMZwRJLQO5eU2
                                                                                                                                                                                                MD5:0A79304556A1289AA9E6213F574F3B08
                                                                                                                                                                                                SHA1:7EE3BDE3B1777BF65D4F62CE33295556223A26CD
                                                                                                                                                                                                SHA-256:434E57FFFC7DF0B725C1D95CABAFDCDB83858CCB3E5E728A74D3CF33A0CA9C79
                                                                                                                                                                                                SHA-512:1560703D0C162D73C99CEF9E8DDC050362E45209CC8DEA6A34A49E2B6F99AAE462EAE27BA026BDB29433952B6696896BB96998A0F6AC0A3C1DBBB2F6EBC26A7E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):97358
                                                                                                                                                                                                Entropy (8bit):7.9345189846943915
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:yZwgOueuKZ4THgWvLnhgmmJFgVn+nhEA1ODIrSrUricEDMrV+LAB:yZwgwuKmTDFgmmoVn+mAUhrUicRoAB
                                                                                                                                                                                                MD5:4BC2AEA7281E27BC91566377D0ED1897
                                                                                                                                                                                                SHA1:D02D897E8A8ACA58E3635C009A16D595A5649D44
                                                                                                                                                                                                SHA-256:4AEF566BBF3F0B56769A0C45275EBBF7894E9DDB54430C9DB2874124B7CEA288
                                                                                                                                                                                                SHA-512:DA35BB2F67BCA7527DC94E5A99A162180B2701DDCA2C688D9E0BE69876ACA7C48F192D0F03D431CCD2D8EEC55E0E681322B4F15EBA4DB29EF5557316E8E51E10
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):13213
                                                                                                                                                                                                Entropy (8bit):7.627776815487544
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:yXmigootuYzXKKk6BL8UUJY0eP6nHY2AJ4qxivXRp2gFyjSonqKLRM7RbEZ:Km0WzX7k6eJB06HZYwRzFyj0uRM7RbEZ
                                                                                                                                                                                                MD5:20F6F88989E806D23C29686B090F6190
                                                                                                                                                                                                SHA1:1FDB9A66BB5CA587C05D3159829A8780BB66C87D
                                                                                                                                                                                                SHA-256:9D5F06D539B91E98FD277FC01FD2F9AF6FEA58654E3B91098503B235A83ABB16
                                                                                                                                                                                                SHA-512:2798BB1DD0AA121CD766BD5B47D256B1A528E9DB83ED61311FA685F669B7F60898118AE8C69D2A30D746AF362B810B133103CBE426E0293DD2111ACA1B41CCEA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):41203
                                                                                                                                                                                                Entropy (8bit):7.855219741633254
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:CkwPhOR4PpSvw6vob5IJ9eoYUx7eBr9HDhzCZ+8ylnm1fjiUNcS5cXeK/7DaeR7g:CRPhOR4B0reWJYURuHN4ylnaeSI4
                                                                                                                                                                                                MD5:CAAFE376AFB7086DCBEE79F780394CA3
                                                                                                                                                                                                SHA1:DA76CA59F6A57EE3102F8F9BD9CEE742973EFA8A
                                                                                                                                                                                                SHA-256:18C4A0095D5C1DA6B817592E767BB23D29DD2F560AD74DF75FF3961DBDE25B79
                                                                                                                                                                                                SHA-512:5DD6271FD5B34579D8E66271BAB75C89BACA8B2EBEAA9966DE391284BD08F2D720083C6E0E1EDDA106ECF8A04E9A32116DE6873F0F88C19C049C0FE27E5D820B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15257
                                                                                                                                                                                                Entropy (8bit):7.804568217256536
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:wyBOIrDL/vJ0RWNML2NyWKr362ByOikGnqO5Vyb3Uab+UtJIdgihtqSXs:wyBnxxMLg7KrqU7Gnqrb3lhtuF/qS8
                                                                                                                                                                                                MD5:722BB90689AECC523E3FE317E1F0984B
                                                                                                                                                                                                SHA1:8DACF9514F0C707CBBCDD6FD699E8940D42FB54E
                                                                                                                                                                                                SHA-256:0966E86FFFA5BE52D3D9E7B89DD674D98A03EED0A454FBAF7C1BD9493BD9D874
                                                                                                                                                                                                SHA-512:D5EFFBFA105BCD615E56EF983075C9EF0F52BCFDBEFA3CE8CEA9550F25B859E48B32F2EC9AA7A305C6611A3BE5E0CDE0D269588D9C2897CA987359B77213331D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):105007
                                                                                                                                                                                                Entropy (8bit):7.8886535210991395
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:Dxpeuv7xOoWmvqcQurq8vGDTRAi5yRdPPl/CJqM9ggS3OIrBTH6x0:Fguv7cfmJrUOiYRbXMbS3Ooox0
                                                                                                                                                                                                MD5:0FD8BC4F0F2E37FEB1EFC474D037AF55
                                                                                                                                                                                                SHA1:ADD8FFACE4C1936787EB4BFFE4EA944A13467D53
                                                                                                                                                                                                SHA-256:1E31EF3145D1E30B31107B7AFC4A61011EBCA99550DCE65F945C2EA4CCAC714B
                                                                                                                                                                                                SHA-512:29DE5832DB5B43FDC99BB7EA32A7359441D6CF5C05561DD0A6960B33078471E4740EE08FFBD97A5CED4B7DD9CC98FAD6ADD43EDB4418BF719F90F83C58188149
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):80968
                                                                                                                                                                                                Entropy (8bit):7.4182780858750075
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:RZ2FWSNhd/4131iae+a0jnLjujUi1QqJ6cF3PK:z2ddQ131iae+HjPujfJ6E3
                                                                                                                                                                                                MD5:C9C4AC12004CC6B946CB7D49B5EB5EE5
                                                                                                                                                                                                SHA1:7E738B153194C9F54AAC1B433F8E7EFFF3BEAFD5
                                                                                                                                                                                                SHA-256:4A010C5ABE2F5BB4DD6F31B03058BC1847E985A95A68D4E1BF0FB20C030C2307
                                                                                                                                                                                                SHA-512:C324685C6A15299504C62724C3C465B28027E93269D1DF325921AC3F9A531A60DE4C6A0D1775CE0C4365717497146B7360B36B1B87C1D1BAE6ACC0E1ADC68664
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):68
                                                                                                                                                                                                Entropy (8bit):5.097989127792336
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:oFj4I5mKLGEjWxN59Tcv:oJ5mKLGEjW/Uv
                                                                                                                                                                                                MD5:62AB6751E05AD94DFF581BB3C8619DDF
                                                                                                                                                                                                SHA1:EF076887F0092613E2E5804008283531E6C81A5B
                                                                                                                                                                                                SHA-256:1E44F206BFE73D7736B169298F7E0244BC208129791629F7CA732C40FA424FE5
                                                                                                                                                                                                SHA-512:5EF686946A44B85D4AED3F7609C5F0D9DDF8E39040E54E9BDDC65F2870FF11F5387E59EA2C9B9533E25C9C720243F6F1311CA055B4B9C077AF7537350E32261A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre..1731489098617..
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):453088
                                                                                                                                                                                                Entropy (8bit):6.413087895399404
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:PBtBN+l8CKvSHJSTHLntEToqi/9rpiAO+7lMhZeBajAt7fgcY:PB/0l1K7HLnt5DgMlgZ7AtDgcY
                                                                                                                                                                                                MD5:FBC6CCCA9154D017D647938190E4AD8D
                                                                                                                                                                                                SHA1:E753F1511F27427616E98762BA2F45D67C3D90D4
                                                                                                                                                                                                SHA-256:D0C9F193D5FB108035C24CD16495D8471295C8AE4A507CC939DCD3C31ED70836
                                                                                                                                                                                                SHA-512:D72A7B6BE718E09B0B6B2A6C32888FB29BBE34D34D1965CCE017162224DB20D4BADAAE507244E16E7A72B84A15139FC9CB6EA703925666906F73420684E0D49D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):919520
                                                                                                                                                                                                Entropy (8bit):6.451407326378623
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:1x90VXSK4fSa6HXr1iWn8Zlb2h4ntHurpllQ6a:Pq4Fb6HXr1iWnU84ntHurpllQ6a
                                                                                                                                                                                                MD5:064278F42704CDCE52C8C527CF9AFBC7
                                                                                                                                                                                                SHA1:007C2A1C946EB62886AC26ADFC7C6B41EECD4D41
                                                                                                                                                                                                SHA-256:070155314AE1035E0A74729231EA97053744EC3B0D5E8D8AF0D000448924D5A9
                                                                                                                                                                                                SHA-512:9D7AE27229317F07CFD051AB8A7E4E7AC4071593FB0329BFF21CFB812086CA00CFFEBBC950A4849C233D8B2EE3D306E9A3338415DEB48CEE09C5B94704A01A70
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):65536
                                                                                                                                                                                                Entropy (8bit):1.3620845492150677
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:xK6n8GkUU671ge0p/mLh0rHG2CnoqdsW:98oU671gey/
                                                                                                                                                                                                MD5:39DD1E409219C7F0376F8E45DA37BD8F
                                                                                                                                                                                                SHA1:C1C37EC12A88D602D9259EDECEF3AF9F1537D728
                                                                                                                                                                                                SHA-256:F8A248EF7A7402B2A7015BFA8047230CE0F3A92CCEC173D81DA861217C76938B
                                                                                                                                                                                                SHA-512:CADE03B75C05E2493E8F25B954BF9D1F2090BD04F10C6B1796FFC1625941C63172251A63861CACE076F0B2EC43C62D13217D5D889EB358674069BF0FBC99D393
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5038592
                                                                                                                                                                                                Entropy (8bit):6.043058205786219
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:49152:vVkDvLSkqdbEsuV+ebMh8w+/H8pF/bmlEyGjWvcP1xQ+X7TqVAMPLfQyim8kznsY:2Ll+Mn0WHl9VA2ic/
                                                                                                                                                                                                MD5:11F7419009AF2874C4B0E4505D185D79
                                                                                                                                                                                                SHA1:451D8D0470CEDB268619BA1E7AE78ADAE0EBA692
                                                                                                                                                                                                SHA-256:AC24CCE72F82C3EBBE9E7E9B80004163B9EED54D30467ECE6157EE4061BEAC95
                                                                                                                                                                                                SHA-512:1EABBBFDF579A93BBB055B973AA3321FC8DC8DA1A36FDE2BA9A4D58E5751DC106A4A1BBC4AD1F425C082702D6FBB821AA1078BC5ADC6B2AD1B5CE12A68058805
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {9E5A5A93-AA4B-491F-8520-6B9F3DD0B637}, Number of Words: 0, Subject: SkimarUtils, Author: ConsolHQ LTD, Name of Creating Application: SkimarUtils, Template: ;1033, Comments: This installer database contains the logic and data required to install SkimarUtils., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2200576
                                                                                                                                                                                                Entropy (8bit):6.506405579964953
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:49152:IigYAKjlgZcDgcYiANq4Fb6HXr1iWnU84ntHurpllQ6aHHCP1N0ZqgJt02xl:oYfjlXA5FnWnH1
                                                                                                                                                                                                MD5:C2E4DA52A0E51351A61445475FDA6E6F
                                                                                                                                                                                                SHA1:AB0717F603BB9B9BFF7AFA338589B1E3F62D1ABD
                                                                                                                                                                                                SHA-256:860CE0959BE9B74933133514CC70D382F6C24B512F7920CEEAC4F91F190D5471
                                                                                                                                                                                                SHA-512:137CD9796F2E4B79B154ACAFA3665D7C2EA1F0F473E44C5C403DD90A71D58506E1803DDEB339CEE0C6EAB83D860AF3B2A20C36E8889804ECFDFCEE310A2E0EF8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ISO-8859 text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3313
                                                                                                                                                                                                Entropy (8bit):4.557128068430301
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:a58tiSm9iicC7CRRS9i7cq11iUDcsMLks0h9n:WOi59rcF/Cigq11iUD5MLks0z
                                                                                                                                                                                                MD5:FC605D978E7825595D752DF2EF03F8AF
                                                                                                                                                                                                SHA1:C493C9541CAAEE4BFE3B3E48913FD9DF7809299F
                                                                                                                                                                                                SHA-256:7D697EAA9ACF50FE0B57639B3C62FF02916DA184F191944F49ECA93D0BB3374F
                                                                                                                                                                                                SHA-512:FB811DE6A2B36B28CA904224EA3525124BD4628CA9618C70EB9234AB231A09C1B1F28D9B6301581A4FA2E20F1036D5E1C3D6F1BF316C7FE78EF6EDEAE50EA40E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Copyright . 1993, 2016, Oracle and/or its affiliates...All rights reserved.....This software and related documentation are provided under a..license agreement containing restrictions on use and..disclosure and are protected by intellectual property laws...Except as expressly permitted in your license agreement or..allowed by law, you may not use, copy, reproduce, translate,..broadcast, modify, license, transmit, distribute, exhibit,..perform, publish, or display any part, in any form, or by..any means. Reverse engineering, disassembly, or..decompilation of this software, unless required by law for..interoperability, is prohibited.....The information contained herein is subject to change..without notice and is not warranted to be error-free. If you..find any errors, please report them to us in writing.....If this is software or related documentation that is..delivered to the U.S. Government or anyone licensing it on..behalf of the U.S. Government, the following notice is..applicable:...
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                Entropy (8bit):4.271470906740504
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:c3AXFshzhRSkv:c9hzhgkv
                                                                                                                                                                                                MD5:67CB88F6234B6A1F2320A23B197FA3F6
                                                                                                                                                                                                SHA1:877ACEBA17B28CFFF3F5DF664E03B319F23767A1
                                                                                                                                                                                                SHA-256:263E21F4B43C118A8B4C07F1A8ACB11CAFC232886834433E34187F5663242360
                                                                                                                                                                                                SHA-512:4D43E5EDECAB92CEBD853204C941327DCCBFD071A71F066C12F7FB2F1B2DEF59C37A15CE05C4FE06EC2EA296B8630C4E938254A8A92E149E4A0A82C4307D648F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Please refer to http://java.com/license..
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):47
                                                                                                                                                                                                Entropy (8bit):4.2563005536211715
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:c3AXFshzhRSkjn:c9hzhgkjn
                                                                                                                                                                                                MD5:4BDA1F1B04053DCFE66E87A77B307BB1
                                                                                                                                                                                                SHA1:B8B35584BE24BE3A8E1160F97B97B2226B38FA7D
                                                                                                                                                                                                SHA-256:FD475B1619675B9FB3F5CD11D448B97EDDEE8D1F6DDCCA13DED8BC6E0CAA9CF3
                                                                                                                                                                                                SHA-512:997CEE676018076E9E4E94D61EC94D5B69B148B3152A0148E70D0BE959533A13AD0BC1E8B43268F91DB08B881BF5050A6D5C157D456597260A2B332A48068980
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Please refer to http://java.com/licensereadme..
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):111645
                                                                                                                                                                                                Entropy (8bit):4.8590909329531025
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:iiVRF8bLuepEvc5O5YwT3JJ4WOHHA/AFjrlHyEepdfZ9JIH4gDq:dRMiCOjJJ4pg/0Hx9MlZ9KH47
                                                                                                                                                                                                MD5:0E05BD8B9BFCF17F142445D1F8C6561C
                                                                                                                                                                                                SHA1:CF0A9F4040603008891AA0731ABF89CE2403F2FB
                                                                                                                                                                                                SHA-256:C3EA3996241B8E9AE7DB3780E470174076FD2003D8AEFAA77BF0BAB5E04DE050
                                                                                                                                                                                                SHA-512:07C7865D31D22BA0C68E384AFEDC22261F7B3A82BEBC9324145FF7F631623ECA2DC31C71CDBBFC9FEBC1733451A095302DE2A0877821A5B68038E350969BF460
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.DO NOT TRANSLATE OR LOCALIZE....***************************************************************************....%%The following software may be included in this product:..Microsoft DirectShow - Base Classes....Use of any of this software is governed by the terms of the license below:....MSDN - Information on Terms of Use....Updated: February 13, 2008....ON THIS PAGE.... * ACCEPTANCE OF TERMS.. * PRIVACY AND PROTECTION OF PERSONAL INFORMATION.. * NOTICE SPECIFIC TO APIs AVAILABLE ON THIS WEB SITE.. * NOTICE SPECIFIC TO SOFTWARE AVAILABLE ON THIS WEB SITE.. * NOTICE SPECIFIC TO DOCUMENTATION AVAILABLE ON THIS WEB SITE.. * NOTICES REGARDING SOFTWARE, DOCUMENTATION, APIS AND SERVICES AVAILABLE ON..THIS WEB SITE.. * RESERVATION OF RIGHTS.. * MEMBER ACCOUNT, PASSWORD, AND SECURITY.. * NO UNLAWFUL OR PROHIBITED USE.. * USE OF SERVICES.. * MATERIALS PROVIDED TO MICROSOFT OR POSTED AT ANY MICROSOFT WEB SITE.. * NOTICES AND PROCEDURE FOR MAKING CLAIMS OF COP
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):180668
                                                                                                                                                                                                Entropy (8bit):5.064180003233063
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:54ct+BcF1N7m8arf1kHRSusX2NyJ9KH4PF4j52eTjLAzE7GzmCK+XNhalQxkM8QB:N7mtrf1GhMF4j5RMGQoyzaXmR
                                                                                                                                                                                                MD5:0E87879F452892B85C81071A1DDD5A2A
                                                                                                                                                                                                SHA1:2CF97C1A84374A6FBBD5D97FE1B432FA799C3B19
                                                                                                                                                                                                SHA-256:9C18836FD0B5E4B0C57CFFDB74574FA5549085C3B327703DC8EFE4208F4E3321
                                                                                                                                                                                                SHA-512:10BA68FFD9DEAB10A0B200707C3AF9E95E27AED004F66F049D41310CB041B7618EE017219C848912D5951599208D385BCB928DD33175652101C7E5BC2E3EBA5B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:DO NOT TRANSLATE OR LOCALIZE...-----------------------------....%% This notice is provided with respect to ASM Bytecode Manipulation ..Framework v5.0.3, which may be included with JRE 8, and JDK 8, and ..OpenJDK 8.....--- begin of LICENSE ---....Copyright (c) 2000-2011 France T.l.com..All rights reserved.....Redistribution and use in source and binary forms, with or without..modification, are permitted provided that the following conditions..are met:....1. Redistributions of source code must retain the above copyright.. notice, this list of conditions and the following disclaimer.....2. Redistributions in binary form must reproduce the above copyright.. notice, this list of conditions and the following disclaimer in the.. documentation and/or other materials provided with the distribution.....3. Neither the name of the copyright holders nor the names of its.. contributors may be used to endorse or promote products derived from.. this software without specific prior written
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):983
                                                                                                                                                                                                Entropy (8bit):5.135635144562017
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:+STATDcxWpAVjXQ5cjaJ2gjQo4OSED6R8R/TtDpM:+STATD7pqjXBeJdso4OnxRc
                                                                                                                                                                                                MD5:3CB773CB396842A7A43AD4868A23ABE5
                                                                                                                                                                                                SHA1:ACE737F039535C817D867281190CA12F8B4D4B75
                                                                                                                                                                                                SHA-256:F450AEE7E8FE14512D5A4B445AA5973E202F9ED1E122A8843E4DC2D4421015F0
                                                                                                                                                                                                SHA-512:6058103B7446B61613071C639581F51718C12A9E7B6ABD3CF3047A3093C2E54B2D9674FAF9443570A3BB141F839E03067301FF35422EB9097BD08020E0DD08A4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<html>..<head>..<title>..Welcome to the Java(TM) Platform..</title>..</head>..<body>....<h2>Welcome to the Java<SUP><FONT SIZE=-2>TM</FONT></SUP> Platform</h2>..<p> Welcome to the Java<SUP><FONT SIZE=-2>TM</FONT></SUP> Standard Edition Runtime .. Environment. This provides complete runtime support for Java applications. ..<p> The runtime environment includes the Java<SUP><FONT SIZE=-2>TM</FONT></SUP> .. Plug-in product which supports the Java environment inside web browsers. ..<h3>References</h3>..<p>..See the <a href="http://download.oracle.com/javase/7/docs/technotes/guides/plugin/">Java Plug-in</a> product..documentation for more information on using the Java Plug-in product...<p> See the <a href=.."http://www.oracle.com/technetwork/java/javase/overview/"..>Java Platform</a> web site for .. more information on the Java Platform. ..<hr>..<font size="-2">..Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved...</font>..<p>..</body>..</html>..
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14912
                                                                                                                                                                                                Entropy (8bit):6.141852308272967
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:7pQMhM63XLPVT6MsMPapRuBUEp7nYe+PjPriT0fwtK:7muL7PV4aapRuBTp7nYPLr7J
                                                                                                                                                                                                MD5:D63933F4E279A140CC2A941CCFF38348
                                                                                                                                                                                                SHA1:75169BE2E9BCFE20674D72D43CA6E2BC4A5A9382
                                                                                                                                                                                                SHA-256:532D049E0D7A265754902C23B0F150D665A78A3D6FE09AD51C9BE8C29D574A3D
                                                                                                                                                                                                SHA-512:D7A5023A5EB9B0C3B2AD6F55696A166F07FA60F9D1A12D186B23AAAACC92EF948CB5DFFA013AFC90C4BBE3DE077D591185902384F677D0BAE2FF7CFD5DB5E06C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14912
                                                                                                                                                                                                Entropy (8bit):6.1347115439165085
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:0Usw4DPU3XLPVT6GsKOhWIutUinYe+PjPriT0fwyI8:ew7PVIKyWIutDnYPLr728
                                                                                                                                                                                                MD5:B4EB9B43C293074406ADCA93681BF663
                                                                                                                                                                                                SHA1:16580FB7139D06A740F30D34770598391B70AC96
                                                                                                                                                                                                SHA-256:8CD69AF7171F24D57CF1E6D0D7ACD2B35B4EA5FDF55105771141876A67917C52
                                                                                                                                                                                                SHA-512:A4E999E162B5083B6C6C3EAFEE4D84D1EC1C61DCA6425F849F352FFDCCC2E44DFEE0625C210A8026F9FF141409EEBF9EF15A779B26F59B88E74B6A2CE2E82EF9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):128064
                                                                                                                                                                                                Entropy (8bit):6.428684952829155
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:uN77TJSG78+5Orcj5K/e2Hrgc6kZAn1yEkBKMKy1Zf22QYHJiuzTl8ShzzM+64mn:uNXd178+5fJZnQLo
                                                                                                                                                                                                MD5:2F808ED0642BD5CF8D4111E0AF098BBB
                                                                                                                                                                                                SHA1:006163A07052F3D227C2E541691691B4567F5550
                                                                                                                                                                                                SHA-256:61DFB6126EBA8D5429F156EAAB24FF30312580B0ABE4009670F1DD0BC64F87BB
                                                                                                                                                                                                SHA-512:27DBDA3A922747A031FF7434DE5A596725FF5AE2BC6DD83D6D5565EB2BA180B0516896323294459997B545C60C9E06DA6C2D8DD462A348A6759A404DB0F023A7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):127552
                                                                                                                                                                                                Entropy (8bit):6.413283221897154
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:SdQ4jWJt4XChlFavveKSQ4gHK/e2Hrgc6kZAn1y1koKMKy1Zf22QYHJiuzTl8ShM:Sy4SJ1TFavvehc7ZnwEr
                                                                                                                                                                                                MD5:C3DED5F41E28FAF89338FB46382E4C3E
                                                                                                                                                                                                SHA1:6F77920776D39550355B146D672C199A3941F908
                                                                                                                                                                                                SHA-256:4691603DFABE6D7B7BEAC887DADC0E96243C2FF4F9A88CE3793E93356C53AA08
                                                                                                                                                                                                SHA-512:23621F2856899F40CFA9858DC277372BFE39F0205377543EB23E94422D479A53FDF664F4A9A4515C2285811F01D91AB64A834A03A4D3AB0CB7D78F8AF11135FF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):97856
                                                                                                                                                                                                Entropy (8bit):6.467907542894502
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:/fHGbDtpt+WfGegcX30EJ4YHiYmRkgAPe+GP8uWg1kQOPt:/w2WfGe/30EWbY4Z+GpWuHOPt
                                                                                                                                                                                                MD5:F78D2BF2C551BE9DF6A2F3210A2964C1
                                                                                                                                                                                                SHA1:B6A4160ECA4C0D0552234FF69BCFDF45F0A2A352
                                                                                                                                                                                                SHA-256:9D18E5421A8606985FA54D7CEA921D1B8930358A2E4CDF5FDF2A8B3E4D857288
                                                                                                                                                                                                SHA-512:AAC8622683BE57518F8B03198A03BF1F760E082692C1FB6252E96CDBA19D3CEB0A6786CCBD7B98830E865297308FA99DBBEA464E41041ABDDA18AEB862BA993F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):95808
                                                                                                                                                                                                Entropy (8bit):6.48897048228647
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:EHSB4i2hJwZaDEoDVzkhbyJCAqn9nV+1vkJnHBoY8BK5Hj:EJJwZWEoDVYby81yiBovkHj
                                                                                                                                                                                                MD5:E5A6231FE1E6FEC5F547DFD845D209BC
                                                                                                                                                                                                SHA1:3F21F90ECC377B6099637D5B59593D2415450D45
                                                                                                                                                                                                SHA-256:51355EA8A7DC238483C8069361776103779CE9FE3CD0267770E321E6E4368366
                                                                                                                                                                                                SHA-512:D5D20DF0089F3217B627D39ABD57C61E026D0DC537022FB698F85FA6893C7FA348C40295DEEC78506F0EF608827D39E2F6F3538818BA25E2A0EE1145FCC95940
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1182272
                                                                                                                                                                                                Entropy (8bit):6.63089480914076
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:68M4H6ioDs5FELnSbY6Ck2IlAnVCXQlFg3:9eaGnkXQlFQ
                                                                                                                                                                                                MD5:159CCF1200C422CED5407FED35F7E37D
                                                                                                                                                                                                SHA1:177A216B71C9902E254C0A9908FCB46E8D5801A9
                                                                                                                                                                                                SHA-256:30EB581C99C8BCBC54012AA5E6084B6EF4FCEE5D9968E9CC51F5734449E1FF49
                                                                                                                                                                                                SHA-512:AB3F4E3851313391B5B8055E4D526963C38C4403FA74FB70750CC6A2D5108E63A0E600978FA14A7201C48E1AFD718A1C6823D091C90D77B17562B7A4C8C40365
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15424
                                                                                                                                                                                                Entropy (8bit):6.380726588633652
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:1Td3hw/L3kKLnYgIOGOOssnPV5Lnf6onYPLr7EbH:1zw/bkKLt7KnddnfPC7S
                                                                                                                                                                                                MD5:A46289384F76C2A41BA7251459849288
                                                                                                                                                                                                SHA1:4D8EF96EDBE07C8722FA24E4A5B96EBFA18BE2C4
                                                                                                                                                                                                SHA-256:728D64BC1FBF48D4968B1B93893F1B5DB88B052AB82202C6840BF7886A64017D
                                                                                                                                                                                                SHA-512:34D62BEB1FA7D8630F5562C1E48839CE9429FAEA980561E58076DF5F19755761454EEB882790EC1035C64C654FC1A8CD5EB46ECA12E2BC81449ACBB73296C9E8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1447
                                                                                                                                                                                                Entropy (8bit):4.228834598358894
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:+3AKdmzfuv6pBSyGJkR/4o6kn2SRGehD+GrspGC/hLRra:BzMUBLGJkBA+RGeV+GrspGC/TO
                                                                                                                                                                                                MD5:F4188DEB5103B6D7015B2106938BFA23
                                                                                                                                                                                                SHA1:8E3781A080CD72FDE8702EB6E02A05A23B4160F8
                                                                                                                                                                                                SHA-256:BD54E6150AD98B444D5D24CEA9DDAFE347ED11A1AAE749F8E4D59C963E67E763
                                                                                                                                                                                                SHA-512:0BE9A00A48CF8C7D210126591E61531899502E694A3C3BA7C3235295E80B1733B6F399CAE58FB4F7BFF2C934DA7782D256BDF46793F814A5F25B7A811D0CB2E3
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview: -Xmixed mixed mode execution (default).. -Xint interpreted mode execution only.. -Xbootclasspath:<directories and zip/jar files separated by ;>.. set search path for bootstrap classes and resources.. -Xbootclasspath/a:<directories and zip/jar files separated by ;>.. append to end of bootstrap class path.. -Xbootclasspath/p:<directories and zip/jar files separated by ;>.. prepend in front of bootstrap class path.. -Xnoclassgc disable class garbage collection.. -Xincgc enable incremental garbage collection.. -Xloggc:<file> log GC status to a file with time stamps.. -Xbatch disable background compilation.. -Xms<size> set initial Java heap size.. -Xmx<size> set maximum Java heap size.. -Xss<size> set java thread stack size.. -Xprof output cpu profiling data.. -Xfuture enable strictest checks, an
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3857984
                                                                                                                                                                                                Entropy (8bit):6.850425436805504
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:98304:GyXul1SNceWfkD000V3wnIACM7g6cv/GZ:Q1SgfEP0ZwnIA97dcv/GZ
                                                                                                                                                                                                MD5:39C302FE0781E5AF6D007E55F509606A
                                                                                                                                                                                                SHA1:23690A52E8C6578DE6A7980BB78AAE69D0F31780
                                                                                                                                                                                                SHA-256:B1FBDBB1E4C692B34D3B9F28F8188FC6105B05D311C266D59AA5E5EC531966BC
                                                                                                                                                                                                SHA-512:67F91A75E16C02CA245233B820DF985BD8290A2A50480DFF4B2FD2695E3CF0B4534EB1BF0D357D0B14F15CE8BD13C82D2748B5EDD9CC38DC9E713F5DC383ED77
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):142912
                                                                                                                                                                                                Entropy (8bit):7.350682736920136
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:aoGzTjLkRPQ9U9NuLqcNicj5ojGylYCE2Iu2jGLF5A9bE8LUekfCz:LGz/oRPGLJN1IGgYCE2L1F5A9bEGUeR
                                                                                                                                                                                                MD5:4BDC32EF5DA731393ACC1B8C052F1989
                                                                                                                                                                                                SHA1:A677C04ECD13F074DE68CC41F13948D3B86B6C19
                                                                                                                                                                                                SHA-256:A3B35CC8C2E6D22B5832AF74AAF4D1BB35069EDD73073DFFEC2595230CA81772
                                                                                                                                                                                                SHA-512:E71EA78D45E6C6BD08B2C5CD31F003F911FD4C82316363D26945D17977C2939F65E3B9748447006F95C3C6653CE30D2CDA67322D246D43C9EB892A8E83DEB31A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):64064
                                                                                                                                                                                                Entropy (8bit):6.338192715882019
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:Skh2CQuUlng7qkKi5iO8pm8cN9qOU33oit:Skkhu0nTli5jN8cNAOUHnt
                                                                                                                                                                                                MD5:B04ABE76C4147DE1D726962F86473CF2
                                                                                                                                                                                                SHA1:3104BADA746678B0A88E5E4A77904D78A71D1AB8
                                                                                                                                                                                                SHA-256:07FF22E96DCFD89226E5B85CC07C34318DD32CDA23B7EA0474E09338654BFEB3
                                                                                                                                                                                                SHA-512:2E4E2FEB63B6D7388770D8132A880422ABF6A01941BFF12CAD74DB4A641BDA2DCC8BF58F6DAE90E41CC250B79E7956DDF126943E0F6200272F3376A9A19505F1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):453184
                                                                                                                                                                                                Entropy (8bit):6.516599034237354
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:3J/sbugq7rm5zX2JDYfiA9+wvpsEWcIGnFm8iTFOBITfnvxIW1x8:3JUbzq+5zX25qvdfnFm88nvq+x8
                                                                                                                                                                                                MD5:5EDAEFFC60B5F1147068E4A296F6D7FB
                                                                                                                                                                                                SHA1:7D36698C62386449A5FA2607886F4ADF7FB3DEEF
                                                                                                                                                                                                SHA-256:87847204933551F69F1CBA7A73B63A252D12EF106C22ED9C561EF188DFFCBAE8
                                                                                                                                                                                                SHA-512:A691EF121D3AC17569E27BB6DE4688D3506895B1A1A8740E1F16E80EEFCE70BA18B9C1EFD6FD6794FAFC59BA2CAF137B4007FCDC65DDB8BCBFCF42C97B13535B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):25152
                                                                                                                                                                                                Entropy (8bit):6.627329311560644
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:0mgNWEfK0RiC4qxJL8VI6ZEPG5Vv/11nYPLr7N:H6WmK0RiSxJ4VI6W+zbC7N
                                                                                                                                                                                                MD5:72B7054811A72D9D48C95845F93FCD2C
                                                                                                                                                                                                SHA1:D25F68566E11B91C2A0989BCC64C6EF17395D775
                                                                                                                                                                                                SHA-256:D4B63243D1787809020BA6E91564D17FFEA4762AF99201E241F4ECD20108D2E8
                                                                                                                                                                                                SHA-512:C6A16DAAF856939615DFDE8E9DBE9D5BFC415507011E85E44C6BF88B17B705C35CD7CED8EDA8F358745063F41096938D128DEE17E14FE93252E5B046BDFCDDC0
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):21568
                                                                                                                                                                                                Entropy (8bit):6.601333059222365
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:QwiAYZIxsQbbRLEs5Ltd7rpPVJfq0nYPLr7Ko+:BiPZj+bVEmtd7rpdJfnC7J+
                                                                                                                                                                                                MD5:73603BF0DC85CAA2F4C4A38B9806EC82
                                                                                                                                                                                                SHA1:74EBC4F158936842840973F54AF50CDF46BC9096
                                                                                                                                                                                                SHA-256:39EF85AB21F653993C8AAAB2A487E8909D6401A21F27CBA09283B46556FB16AF
                                                                                                                                                                                                SHA-512:5C238D677D458D5B7D43FA3FF424E13B62ABFCEDE66D55E3112DC09BF2F7B640EB8F82D00E41A2C7A7E7B36E3FCE3C2DCB060037314418D329466CC462D0BF71
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):827456
                                                                                                                                                                                                Entropy (8bit):6.022966185458799
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:E0NweWDjb28WNjE/lBy/pUbS3lYMpQIRrAOh3:7Wb5By/pUbouAQIRHh3
                                                                                                                                                                                                MD5:E741028613B1FC49EC5A899BE6E3FC34
                                                                                                                                                                                                SHA1:9EAE3D3CA22E92A925395A660B55CECB2EB62D54
                                                                                                                                                                                                SHA-256:9163A546696E581D443B3A6250F61E5368BE984C69ADFB54EE2B0E51D0FA008E
                                                                                                                                                                                                SHA-512:05C6CE707F4F0F415E74D32F1AACEC7E2C7746C3D04C75502EAECAFAF9E0108CE6206A8A3939C92EDCE449FFC0A68FB4389EDAA93D61920D1EC85327D1B3A55A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):907328
                                                                                                                                                                                                Entropy (8bit):6.160830535423145
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:ZyWOeRjqm9ZRI+Ga+fme7CV93+x6FQ3ge:VRAeMme7kA6F6ge
                                                                                                                                                                                                MD5:4FD3548990CAF9771B688532DEF5DE48
                                                                                                                                                                                                SHA1:567C27A4EA16775085D8E87A38FE58BEC4463F7D
                                                                                                                                                                                                SHA-256:BDE5DF7BCFC35270B57A8982949BF5F25592A2E560A04E9868B84BEF83A0EA4B
                                                                                                                                                                                                SHA-512:FD2CF2072A786293E30CD495BA06F4734F0CEA63CBC49B6D7A24F6891612375E48D1B5758D9408625E769E8A81C7C34F04278E011BCF47EDEB8C2AFC13AEC20C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):109120
                                                                                                                                                                                                Entropy (8bit):5.986571003903383
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:LE9WcstxlDgZ9EYDKg0nc6N3MR+EpOB+o+5PVT/B:ghspgZPDanhs+EpOBF+5PFB
                                                                                                                                                                                                MD5:A5455B9BEB5672D89B1F0FCFAA4C79CA
                                                                                                                                                                                                SHA1:9C7DBB5AD1CB3EBE7347A9CDDD80389902DA81EC
                                                                                                                                                                                                SHA-256:89A429889DCD0F6A3FE56217A0FEB5912132AAB2817643021EAE3716DA533D4A
                                                                                                                                                                                                SHA-512:131866A4754F4AF78A94F0776815E7EA4375736A4B11A723B87A4436FA101D271FFE14E4B49D3AB1AE2FA61CDBDED0C3D174C75327BE3C24E0E4CC39AFFA9469
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):223296
                                                                                                                                                                                                Entropy (8bit):6.501845596055873
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:8P8OC0xbNXLJAEh4hijzud6kAgZkFGMReiDfbgOBI1:8P8OC0xbNXLJAEh4hijzud6kAgYGSA
                                                                                                                                                                                                MD5:9D5EDECF7E33DDD0E2A6A0D34FC12CA1
                                                                                                                                                                                                SHA1:FC228A80FF85D78AA5BFBA2515EFED3257B9B009
                                                                                                                                                                                                SHA-256:6D817519C2E2EFDD3986EB655C1F687D4774730AB20768DF1C0AAEF03B110965
                                                                                                                                                                                                SHA-512:B4D58D3415D0255DCD87EF413762BC0F2934AAA6C8151344266949D3DD549ABDCA1366FA751A988CDDC1430EBF5D17668ADF02096DD4D5EAFE75604C0DA0B4C9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):151104
                                                                                                                                                                                                Entropy (8bit):6.548096027649263
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:PPuiQNBInyjJ2y53/5d8n9e/ry7zOAHpyWWJd1u2TeKSNlGFGZQfVN2:iBInu2y5P5dkeDy7zOUpLJ2mHZQf2
                                                                                                                                                                                                MD5:7A710F90A74981C2F060FA361D094822
                                                                                                                                                                                                SHA1:FBDCA4E3F19AD5201572974E3C772A3C2694FBB3
                                                                                                                                                                                                SHA-256:9BC52058C02E0C87A6A9470C62D1AA4F998942CC00F99A82E7805E87D958BC16
                                                                                                                                                                                                SHA-512:928708DFF6A372BA997C072238823469CBFD28CCBB17A723AD35F851D35C6EFF82748AA41A9215955B9536A14AA57D47ABE0F1BA00D11F8D920A57F91B7A35E5
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):200768
                                                                                                                                                                                                Entropy (8bit):6.431501859060678
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:lC0MaRHVsSduCCkNlKpR1FHNnuNcCwJPT54l2B3Fzkmldrz5ZD9hYJOj9T3iRK:s0XR1sYtxgGl2B3uWjhYJOj9TSY
                                                                                                                                                                                                MD5:434CBB561D7F326BBEFFA2271ECC1446
                                                                                                                                                                                                SHA1:3D9639F6DA2BC8AC5A536C150474B659D0177207
                                                                                                                                                                                                SHA-256:1EDD9022C10C27BBBA2AD843310458EDAEAD37A9767C6FC8FDDAAF1ADFCBC143
                                                                                                                                                                                                SHA-512:9E37B985ECF0B2FEF262F183C1CD26D437C8C7BE97AA4EC4CD8C75C044336CC69A56A4614EA6D33DC252FE0DA8E1BBADC193FF61B87BE5DCE6610525F321B6DC
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):400960
                                                                                                                                                                                                Entropy (8bit):6.165546757090391
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:vxDvEpBGH7t7PB7Es7va/QdqOBYswIprNWhk+URpxfu4w7J:tvEpBGH7pN57vwQd6swIp5WhkRlfu4CJ
                                                                                                                                                                                                MD5:767BBA46789597B120D01E48A685811E
                                                                                                                                                                                                SHA1:D2052953DDE6002D590D0D89C2A052195364410A
                                                                                                                                                                                                SHA-256:218D349986E2A0CD4A76F665434F455A8D452F1B27EAF9D01A120CB35DA13694
                                                                                                                                                                                                SHA-512:86F7F7E87514DBC62C284083D66D5F250A24FC5CD7540AF573C3FB9D47B802BE5FFBBC709B638F8E066AB6E4BB396320F6E65A8016415366799C74772398B530
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):514112
                                                                                                                                                                                                Entropy (8bit):6.805344203686025
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:Y5JbfdT5NYGe8m51QSWvopH1kdMDbA2ZoNnYX:Y5JV7eB3KopvnAe2YX
                                                                                                                                                                                                MD5:8D0CE7151635322F1FE71A8CEA22A7D6
                                                                                                                                                                                                SHA1:81E526D3BD968A57AF430ABB5F55A5C55166E579
                                                                                                                                                                                                SHA-256:43C2AC74004F307117D80EE44D6D94DB2205C802AE6F57764810DEE17CFC914D
                                                                                                                                                                                                SHA-512:3C78C0249B06A798106FEAF796AA61D3A849F379BD438BF0BB7BFED0DC9B7E7EA7DE689BC3874ED8B97FF2B3BA40265DED251896E03643B696EFDBF2E01AC88C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):132672
                                                                                                                                                                                                Entropy (8bit):6.708436670828807
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:HGBc2vf2AWlvx+Kre9vVv3CoLORljxWEXyB/NK3GyNf9:mxvffVvyo0X8NKW+1
                                                                                                                                                                                                MD5:6376B76728E4A873B2BB7233CBCD5659
                                                                                                                                                                                                SHA1:3BE08074527D5B5BC4A1DDCEC41375E3B3A8A615
                                                                                                                                                                                                SHA-256:4FDF86D78ABC66B44B8AFF4BBCE1F2A5D6D9900767BE3CAAE450409924DBC5AD
                                                                                                                                                                                                SHA-512:955E7C5AB735183B491A753710B6F598A142A2876DDAE5AD301C3DA82A65CE82238E0F20C9F558F80138D58F8DC00B4EBD21483CEED0AABEEDA32CCA5D2E3D48
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):115776
                                                                                                                                                                                                Entropy (8bit):6.787384437276838
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:0LHPDcdivqC4xMfl/hAxfZ/t0QHQIM7iVxoQCpGlyir0wIOfnToIfemrVZQirM:0rPDco4xMNEfZ1LQG4igmvTBfem7QcM
                                                                                                                                                                                                MD5:AB6ED0CFD0C52DBEDE1BE910EFA8A89B
                                                                                                                                                                                                SHA1:83CBC2746A50C155261407ECE3D7A5C58AAD0437
                                                                                                                                                                                                SHA-256:8A6FBB08E0F418A3BB80CC65233E7270C820741DD57525ED7FD3CC479A49396E
                                                                                                                                                                                                SHA-512:41773183FC20E42BF208064163AA55658692B9221560146E4F6A676F96FC76541ED82F1EFDFA31F8C25BA42F271F7D9087DE681DA937BBF0EB2C781E027F1218
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):16448
                                                                                                                                                                                                Entropy (8bit):6.490137326885244
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:WCMJqfiSZzDonPV5TyVIbb8nYPLr7VblXT:WLJqrNkndQIsC7Vhj
                                                                                                                                                                                                MD5:1F004C428E01F8BEB07B52EB9659A661
                                                                                                                                                                                                SHA1:4D6AAB306CB1F4925890BF69FCDF32BBFE942B81
                                                                                                                                                                                                SHA-256:1BDEFECDF8CFA3F6DA606AD4D8BD98EC81E4A244D459A141723CCB9DC47E57CB
                                                                                                                                                                                                SHA-512:61888A778394950D2840E4D211196FFE1CB18FA45D092CBADBEDF2809BDED3D4421330CFE95392DD098E4AE3F6F8A3070E273FFCA2FB495C43C76332CA331DBF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):51264
                                                                                                                                                                                                Entropy (8bit):6.576803205025954
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:urOHh9t7/GAzqHcGxAARrZT9ixHDyo/r0rV9LrBH1bjPEwhEdheBwHWQFgE/XudL:G+9t7/qHcGHuy/pb
                                                                                                                                                                                                MD5:3A744B78C57CFADC772C6DE406B6B31E
                                                                                                                                                                                                SHA1:A89BF280453C0BCF8C987B351C168AEB3D7F7141
                                                                                                                                                                                                SHA-256:629393079539B1B9849704CE4757714D1CBE5C80E82C6BB3BC4445F4854EFA7B
                                                                                                                                                                                                SHA-512:506A147F33C09FA7338E0560F850E42139D0875EF48C297DDB3CC3A29F12822011915FACCB21DA908CF51A462F0EBA56B6B37C71D9C0F842BDE4A697FB4FFB64
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):19520
                                                                                                                                                                                                Entropy (8bit):6.452867740862137
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:45kF/QP8xkI6hgWIE0PVlyJSZ9nYPLr7+:4SqP7I6rkd4EfC7+
                                                                                                                                                                                                MD5:503275E515E3F2770A62D11E386EADBF
                                                                                                                                                                                                SHA1:C7BE65796AA0E490779F202C67EEC5E9FBB65113
                                                                                                                                                                                                SHA-256:97B5D1C8E7AAACE5C86A418CB7418D3B0BA4F5E178DE3CF1031029F7F36832AF
                                                                                                                                                                                                SHA-512:AC7C0CB626C2D821F0F4E392EE4E02C9E0093F019AA5B2947E0C7B3290A0098A3D9BB803AB44FD304CA1F1D272CFB7B775E3C75C72C7523FF7240F38440CFC3C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):30784
                                                                                                                                                                                                Entropy (8bit):6.413942547146628
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:+HhfWinfwUFAvnb5TIUX+naSOu9MQQ5jhC7EY:cuin5FAvNTIUX+nbMQQ54EY
                                                                                                                                                                                                MD5:530D5597E565654D378F3C87654CCABA
                                                                                                                                                                                                SHA1:6FAC0866EE0E68149AC0A0D39097CEF8F93A5D9E
                                                                                                                                                                                                SHA-256:0CFAA99AE669DDC00BD59B5857F725DFF5D4C09834E143AB1B5C5F0B5801D13B
                                                                                                                                                                                                SHA-512:D7520A28C3054160FCD62C9D816A27266BE9333E00794434FB4529F0FF49A2B08E033B5E67A823E5C184EE2D19D7F615FF9EE643FE71C84011A7E5C03251F3B4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15936
                                                                                                                                                                                                Entropy (8bit):6.466457942735197
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:GpsbHnDiW6gejmSHhV8cGees7snYPLr7Wj53:GpsbHn/HS/8cresgC743
                                                                                                                                                                                                MD5:CF2F023D2B5F0BFB2ECF8AEEA7C51481
                                                                                                                                                                                                SHA1:6EB867B1AC656A0FC363DFAE4E2D582606D100FB
                                                                                                                                                                                                SHA-256:355366D0C7D7406E2319C90DF2080C0FAE72D9D54E4563C48A09F55CA68D6B0C
                                                                                                                                                                                                SHA-512:A2041925039238235ADC5FE8A9B818DFF577C6EA3C55A0DE08DA3DEDD8CD50DC240432BA1A0AEA5E8830DCDCCD3BFBF9CF8A4F21E9B56DC839E074E156FC008D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):126528
                                                                                                                                                                                                Entropy (8bit):6.8082748642937725
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:Kw2b3Kr+uWU9XzFhziJ1TBZAhsIn/B9NZwMgjeNXLD:43KFFheLCBpV/
                                                                                                                                                                                                MD5:73BD0B62B158C5A8D0CE92064600620D
                                                                                                                                                                                                SHA1:63C74250C17F75FE6356B649C484AD5936C3E871
                                                                                                                                                                                                SHA-256:E7B870DEB08BC864FA7FD4DEC67CEF15896FE802FAFB3009E1B7724625D7DA30
                                                                                                                                                                                                SHA-512:EBA1CF977365446B35740471882C5209773A313DE653404A8D603245417D32A4E9F23E3B6CD85721143D2F9A0E46ED330C3D8BA8C24AEE390D137F9B5CD68D8F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):191040
                                                                                                                                                                                                Entropy (8bit):6.75061028420578
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:iUJiEoGLsncZizZQ7QBdCPdG3TBfMzrjZqMNGSplN2:iUJsnVzy7QBdC1G3TBEvFp6
                                                                                                                                                                                                MD5:E3E51A21B00CDDE757E4247257AA7891
                                                                                                                                                                                                SHA1:7F9E30153F1DF738179FFF084FCDBC4DAE697D18
                                                                                                                                                                                                SHA-256:7E92648B919932C0FBFE56E9645D785D9E18F4A608DF06E7C0E84F7CB7401B54
                                                                                                                                                                                                SHA-512:FC2981A1C4B2A1A3E7B28F7BF2BE44B0B6435FD43F085120946778F5C2C2CA73AD179796DEC0B92F0C6C8F6B63DD329EECC0AF1BB15392364C209DCF9CD6F7CA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):23616
                                                                                                                                                                                                Entropy (8bit):6.620094371728742
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:Qp2dG5pC/ujTc8ZrEnrZm8WXLFnPV52WZQAnYPLr7lOGa:uvCGjJ0Q9ndRZdC71a
                                                                                                                                                                                                MD5:1C47DD47EBD106C9E2279C7FCB576833
                                                                                                                                                                                                SHA1:3BA9B89D9B265D8CEC6B5D6F80F7A28D2030A2D1
                                                                                                                                                                                                SHA-256:58914AD5737F2DD3D50418A89ABBB7B30A0BD8C340A1975197EEA02B9E4F25B2
                                                                                                                                                                                                SHA-512:091F50B2E621ED80BAFE2541421906DE1BCC35A0E912055B93E40CD903BE8B474103C0D8FECDF46E7F2F3C44BDADE64A857AB2B9CB5404306055150EE4ED002A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):160256
                                                                                                                                                                                                Entropy (8bit):6.469497559123052
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:a2lpElIhbyyH3c1CX766zKELxKvFaPSnjZqMNJlGle:a2rE+xdW+76DEVKv8wv
                                                                                                                                                                                                MD5:4E3C37A4DE0B5572D69AD79B7A388687
                                                                                                                                                                                                SHA1:6B274E166641F9CE0170E99FE2D1F4319B75A9E8
                                                                                                                                                                                                SHA-256:893A86E7B1DE81DEDAB4794732FCCD02790756A2DBE4815C102F039088DFCBD2
                                                                                                                                                                                                SHA-512:8352A1CD859D17A27560448C6FFB0E8200096CAC744C8BB56330397FDE0B7F702E2295999D89FBAD74DF72DF200C391113A23A9B4342ABAC738167967533F9CD
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):70208
                                                                                                                                                                                                Entropy (8bit):6.353501201479367
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:jFVfr2k521ZnrawwMmqPXt+rP3b/9/YMCxx0OpPOrEE14EVHLAuDeGJiqrmehiV9:PxioMmqF+2x0MORLVq7qjh3rmKPNpwGg
                                                                                                                                                                                                MD5:C2A59C7343D370BC57765896490331E5
                                                                                                                                                                                                SHA1:A50AF979E08A65EB370763A7F70CDB0E179D705D
                                                                                                                                                                                                SHA-256:40614FE8B91E01AD3562102E440BDBF5FAC5D9F7292C6B16A58F723BFFFE6066
                                                                                                                                                                                                SHA-512:CA266F1B2E51F66D119E2D71E3377C229A3D583853FFB606C101AFEB41689ACE7D1F1594781091DA67F9BE9D09F3019BF048C0F819777E8F1827A56BEEC252C4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):57408
                                                                                                                                                                                                Entropy (8bit):6.6711491011490285
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:f6arRmcnq2lxm+Na6C7HIT6T8E2pLSSm3:fzm+q7HITS8E2pLSSA
                                                                                                                                                                                                MD5:AEADA06201BB8F5416D5F934AAA29C87
                                                                                                                                                                                                SHA1:35BB59FEBE946FB869E5DA6500AB3C32985D3930
                                                                                                                                                                                                SHA-256:F8F0B1E283FD94BD87ABCA162E41AFB36DA219386B87B0F6A7E880E99073BDA3
                                                                                                                                                                                                SHA-512:89BAD9D1115D030B98E49469275872FFF52D8E394FE3F240282696CF31BCCF0B87FF5A0E9A697A05BEFCFE9B24772D65ED73C5DBD168EED111700CAAD5808A78
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):446528
                                                                                                                                                                                                Entropy (8bit):6.603555069382601
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:RreTVhY4gXwLR4YS+OX3kQg4O5kM2LY58gwDTxXvwGSelo:Rr4VhyK7eTxXvwelo
                                                                                                                                                                                                MD5:8AE40822B18B10494527CA3842F821D9
                                                                                                                                                                                                SHA1:202DFFA7541AD0FAD4F0D30CEE8C13591DCA5271
                                                                                                                                                                                                SHA-256:C9742396B80A2241CE5309C388B80000D0786A3CAB06A37990B7690FD0703634
                                                                                                                                                                                                SHA-512:AA324A265639C67843B4BF6828029B413044CBE4D7F06A253B78B060EA554FECC6E803D59D03742C485B2EB3D52E5C0A44928DCC927501F413EE4664BB8A11F5
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):126016
                                                                                                                                                                                                Entropy (8bit):6.608910794554507
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:oOxjjADzd+aeaPB9JhjxkM2wzGdXJbD/jn8Y6:ocKzeaPB9JhjxknwzG5JbDb8F
                                                                                                                                                                                                MD5:01706B7997730EAA9E2C3989A1847CA6
                                                                                                                                                                                                SHA1:7CEAD73CBE94E824FA5E44429B27069384BFDB41
                                                                                                                                                                                                SHA-256:20533C66C63DA6C2D4B66B315FFCF5C93AE5416E3DAE68CDD2047EFE7958AB3A
                                                                                                                                                                                                SHA-512:3272C8DE6C32D53372D481441DA81AE2B6EA02E8360B23D7F793B24827BD683A6604F43BE18CE2BEE40038FBE7D5F7AF78B2C465A51F82478D881DBEB5744DC2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):191552
                                                                                                                                                                                                Entropy (8bit):6.744419946343284
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:lScg0xvhTZNIs3Ft+STckCBQo3C0Y22vncTBfsO9jZqMN3cH1Tefqk:lSclI6nTc3BQo3C0YHncTBxvs65
                                                                                                                                                                                                MD5:48C96771106DBDD5D42BBA3772E4B414
                                                                                                                                                                                                SHA1:E84749B99EB491E40A62ED2E92E4D7A790D09273
                                                                                                                                                                                                SHA-256:A96D26428942065411B1B32811AFD4C5557C21F1D9430F3696AA2BA4C4AC5F22
                                                                                                                                                                                                SHA-512:9F891C787EB8CEED30A4E16D8E54208FA9B19F72EEEC55B9F12D30DC8B63E5A798A16B1CCC8CEA3E986191822C4D37AEDB556E534D2EB24E4A02259555D56A2C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):269888
                                                                                                                                                                                                Entropy (8bit):6.418120581797452
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:Fp9B0qT85g5Sq+VBY2qVLC2wH5rM8HoQvlHO:5uqT85sSq+ERVm2wZEQvlHO
                                                                                                                                                                                                MD5:F8211DB97BF852C3292C3E9C710C19D9
                                                                                                                                                                                                SHA1:46DAD07779E030D8D1214AFE11C4526D9F084051
                                                                                                                                                                                                SHA-256:ECF4307739CA93F1569CE49377A28B31FE1EB0F44B6950DBAAFA1925B24C9752
                                                                                                                                                                                                SHA-512:B3E20EECA87136CAE77F06E4149E65EBFEF71A43589F7E2833008FE43811A2BC8B6202B6ADB5CE122A1822E83CE226B833DEF93A2B161476BD5B623794E4F697
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):13888
                                                                                                                                                                                                Entropy (8bit):6.274978807671468
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:ahKnvndLwm3XLPVlD6yTUZnYe+PjPriT0fwdNJLkoRz:a4j7PVl1TAnYPLr7cLka
                                                                                                                                                                                                MD5:0291BA5765EE11F36C0040B1F6E821FB
                                                                                                                                                                                                SHA1:FFE1DCF575CCD0374DF005E9B01D89F6D7095833
                                                                                                                                                                                                SHA-256:F8540BE2BBD5BDE7962D2FE4E7EC9EF9BF53D95B48781AE549AA792F10032485
                                                                                                                                                                                                SHA-512:72ADDC631D8CF064E1B047B51EEF7F306CA959D24ED705065C33EE8DDDF7EA84B95B3DE5B0709015A81D36ACA01E15CE99A354D4069D4D798ED128A6A76D1010
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):163904
                                                                                                                                                                                                Entropy (8bit):6.783788147675078
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:XrQPwE5tlGsXVomHvD+1febSICzqozXtrQwnNZkB+5:XU15tpX9HvsfrTtMwNWBY
                                                                                                                                                                                                MD5:6E08D65F5CBB85E51010F36A84FC181D
                                                                                                                                                                                                SHA1:4EEE8BE68BAAF6320AEA29131A1C0B322F09F087
                                                                                                                                                                                                SHA-256:2D8658909D9E357A4B70FCF862D690EEC82A2F77161ABB021E0839C6A67D4825
                                                                                                                                                                                                SHA-512:DF4494D062E9A8AC82D727D2722DCF32C3FC924FA104F384FA099ADB08ECBDEEA7A19245D779097C0AFCF51F84852328ED595C88380F42BD39560678C8AD9621
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):22592
                                                                                                                                                                                                Entropy (8bit):6.620820751411794
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:YL4Z7lZRiY3PB6cGgOp2m1zq2oatSnPV5zYxkpLfsnYPLr7Ybc:E4PZRiY3PB6cVAebaMnd+ypLkC7Cc
                                                                                                                                                                                                MD5:700F5789D2E7B14B2F5DE9FDB755762E
                                                                                                                                                                                                SHA1:F35EDE3441D6E5461F507B65B78664A6C425E9AC
                                                                                                                                                                                                SHA-256:D115EAF96BD41C7A46400DCFF7EF26AC99E3CF7A55A354855C86BAE5C69A895A
                                                                                                                                                                                                SHA-512:664A442DD424CA04AC0CE072B9BBD5EF7C657B59A26403C44A856738F7998466BFE3010825A13451281841D39B0A34D8997EE24497D626EC60C19AA1AF0EE465
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):115264
                                                                                                                                                                                                Entropy (8bit):6.588792190592223
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:2Cgsy+/cydqNiaZr+lOzZPh7/W4MCnc8Ioaa2yFWcC6vsx/8:FZOzZPh7/WSe+S6v+U
                                                                                                                                                                                                MD5:8BC8FE64128F6D79863BC059D9CC0E2E
                                                                                                                                                                                                SHA1:C1F2018F656D5500ACF8FA5C970E51A55004DA2E
                                                                                                                                                                                                SHA-256:B77CD78FF90361E7F654983856EE9697FDC68A0F9081C06207B691B0C9AF1F5D
                                                                                                                                                                                                SHA-512:6771F23ECF1A449EB6B0B394E0F1D3EB17C973FC0544BA25487C92F215ACC234FC31C9B7BE5528EFD06D29A35BB37DD7934318837576862ADFC2631B4D610A24
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):33934912
                                                                                                                                                                                                Entropy (8bit):6.35314231534845
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:393216:VJ8d7SMzwH5R2sdDcBwHHdI4DKRlDsqXCagQZhzvilh2Wlq7ODI:VJ8d7zzUesdDtevn
                                                                                                                                                                                                MD5:4D857A5FC9CA16D2A67872FACCF85D9F
                                                                                                                                                                                                SHA1:EAEB632E526EFA946E4DB1B8CFA31DE6A7B03219
                                                                                                                                                                                                SHA-256:7FFA7423DDA07499394B345E5ECE2D54C8E19247E6E76C0E23B5BF1470AB0D7F
                                                                                                                                                                                                SHA-512:8DBC8675CE2DACE8D629C3FA66CF65704346AB829AE0B0A1D7B25BE22783B7E73624BA70F6D67264D6CA1656D7590E3753A8DF2227DA45112C5BD4A5654089AF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15936
                                                                                                                                                                                                Entropy (8bit):6.475020301731584
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:GpsE5cnm6ObmSHhV8j0eeq4SziahnYPLr79OOu:Gpszn6iS/8jxeqfhC78Ou
                                                                                                                                                                                                MD5:4F11D43AA2215CE771DA528878F01C8E
                                                                                                                                                                                                SHA1:8062681D73489FF200CA0BA426FF1FF3F44494A7
                                                                                                                                                                                                SHA-256:0D554CD4B373D6D9B9C179A468D179388706C0BDE4D878ED75EF575651588B3C
                                                                                                                                                                                                SHA-512:34CB271C32FB479CFAEEC536A5D35A41730E90001D67DC9DB595DB240A1F58C3BF12334BB5CDE7673C8E56A4C272BFBD66E4EACDEE0082F6FD583E4E039EC540
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):158784
                                                                                                                                                                                                Entropy (8bit):6.816453355323999
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:gLkNbBRaz4rQWiG6wMz9/S3en9pHUw06TBfkqI44:rNbB4Mcnv7z6en9pj06TB6
                                                                                                                                                                                                MD5:73A76EC257BD5574D9DB43DF2A3BB27F
                                                                                                                                                                                                SHA1:2C9248EAE2F9F5F610F6A1DFD799B0598DA00368
                                                                                                                                                                                                SHA-256:8F19B1BA9295F87E701C46CB888222BB7E79C6EE74B09237D3313E174AE0154F
                                                                                                                                                                                                SHA-512:59ECD5FCF35745BDADCDB94456CB51BB7EA305647C164FE73D42E87F226528D1A53CE732F5EC64CE5B4581FA8A17CFBFDC8173E103AE862D6E92EB3AD3638518
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):207424
                                                                                                                                                                                                Entropy (8bit):6.630800216665857
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:ckZ5ktGCru8e6Y3RhNw0mjs+OBS7n7ACKRAHbW:ciIbS6Y37Nw0/QC
                                                                                                                                                                                                MD5:475DD87198F9C48EFB08AAB4ADE8AF5A
                                                                                                                                                                                                SHA1:9B657E0837639663D4D721F8C5E25401F11E7BEB
                                                                                                                                                                                                SHA-256:32764005FCCE7D0E51801528F6B68C860979E08D027A5220DFEC19B2A8013354
                                                                                                                                                                                                SHA-512:0B492B0FBADC14178A6F79A58E47C30D92B59B18414E38A7B119699D0788ACF3713F925CF0EC570BE3E29AB26BDB6B567C38526BC0603BA78ECC3E2952EA3E2B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):82496
                                                                                                                                                                                                Entropy (8bit):6.597347722250847
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:ez2dfBusTTkMffX+xR5kdt94u+508AqDfJOqsbCkq24maADX:kE5u+kkX+P+dt9O08JJOZXX4nADX
                                                                                                                                                                                                MD5:5F85F7F2DFAC397D642834B61809240F
                                                                                                                                                                                                SHA1:ECA28E8464208FA11EF7DF677B741CDD561483D9
                                                                                                                                                                                                SHA-256:B71E00ADB77D87882D58993A5888955BDD62C57D364F60AAA0FA19D32A69C9DA
                                                                                                                                                                                                SHA-512:2BFE9FCE450E57EA93DEEAA85A746CB17BA946EEFF866F10D67C74F7EA038B16910E0D8EF29E9F358AF7DAABD45E3983C370FEF82A9647546819DCDE3AEE45BC
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):19008
                                                                                                                                                                                                Entropy (8bit):6.372096409611824
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:PTjlu57T5J5eFeYW7TPVlN3B+ASZQ4NNR7F3qnYPLr7om0:PnUd5eFeDfd5Sj7oC7om0
                                                                                                                                                                                                MD5:4023E25F92B5F13E792901BF112A8EA2
                                                                                                                                                                                                SHA1:31ADCD411905832B89EA55DEC8B9C83AF3C7D3EA
                                                                                                                                                                                                SHA-256:432AEDAC59FA161FED5A5D95CA5F8CFD1D73A35ABE8A7090D137100F727B687B
                                                                                                                                                                                                SHA-512:AD0E6F8071EB09E843989E637BACA988DD7706D84FC26DB7C2E18BBE03A78A6C5BFE4F1B28289B5929B2B86C53FB6C3DAE42523DC8EDE8057A8F431AEA77BB20
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):186944
                                                                                                                                                                                                Entropy (8bit):6.612459610032652
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:XsSFQQB7SGWV2xrkvql6QPJD7mGVqjLypDTaDE5zwmFxy7HglbZrdIG:XJ97PxYAPJ/RV0tDCzw+xy0ldOG
                                                                                                                                                                                                MD5:E9373908186D0DA1F9EAD4D1FDAD474B
                                                                                                                                                                                                SHA1:C835A6B2E833A0743B1E8F6F947CFE5625FE791F
                                                                                                                                                                                                SHA-256:E2FBD6C6334D4765FF8DFF5C5FE3DF8B50015D0BF9124142748FADB987B492FF
                                                                                                                                                                                                SHA-512:BFDC236D462DAC45FD63C112E40558ED4E11E76FB4D713926A679FD573F67FA16451231A03178926B76BD267F092A33A3B6760CF4812DE2679BB9505B83F8261
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):145984
                                                                                                                                                                                                Entropy (8bit):6.69725055196282
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:S2yRKm4/j/dKLnjHy7OMD+MqS1RYio7+oD33GnUV0fem2M:S2ytqlYnjHehDzqiq+oD33OUV8Vx
                                                                                                                                                                                                MD5:4294D39CC9E5F23754D41B9DDE710112
                                                                                                                                                                                                SHA1:1BAA1E136F18108AB4E31EC005DEC54FC3F23A7C
                                                                                                                                                                                                SHA-256:DE3EEDED01B35DC7C29B0B758211BB1DB73CCFFB9298D281DAF56924ED9E93CB
                                                                                                                                                                                                SHA-512:E88DFF129DD35445B32A2DBCAB97CF752E9ACDF82FF88B184FA6D3B461D55BD2D195794802C5BA5E7EFFA086DC89E0C2CEF0C8B0BFA29AC70B75CFB1B4B0584C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):16448
                                                                                                                                                                                                Entropy (8bit):6.482296988184946
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:n11I27Bf0jeZy+hiqEyRoPV527rBnYPLr7/U:nrJfYqodYJC78
                                                                                                                                                                                                MD5:4BDF31D370F8A893A22820A3B291CC1D
                                                                                                                                                                                                SHA1:BD27656B42F881EEE1940CFE15CF84C1938B57BA
                                                                                                                                                                                                SHA-256:C98DFAC99CC1E05D5F86B2577031A7624DCC13D0A8344B2855F166335177BC16
                                                                                                                                                                                                SHA-512:51623274C13DA71AD01DBAD7950444B512F08C3DC04E27F0321DF02E9F3C4DFB308DEF35F58524CCCCE79ED2A8859D85C16DC0D9BEA378E5538E23602D35AA76
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):30784
                                                                                                                                                                                                Entropy (8bit):6.609051738644882
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:mk87qhVj8sqgP7CRLMOPfkGo7UdJs0flkg2uG8RPGHTR5ny5pnYPLr7z:mk87qhVjaMOPJdJFflLJR+V03C7z
                                                                                                                                                                                                MD5:7BD914407C6D236B27865A8C63147B7F
                                                                                                                                                                                                SHA1:9B49E48705341D30E3F92B85652E924C7985E415
                                                                                                                                                                                                SHA-256:549849DC910261D817670B192715430395993E811D0FD3103651237D7F18929D
                                                                                                                                                                                                SHA-512:624DC95F696BEA311726EAFB0017F363C8703B95A2E08DE984C642867888CF5B9172326C2E2567ED4A2EA28F806B633840552C80BE49EB6CF2A8FC4A0C259117
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):27712
                                                                                                                                                                                                Entropy (8bit):6.6264206752006825
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:hgWe1DWI+mB7JkJKe3xVF2XNbuHEqe8yIGn3zY9pcQ/oGmEsg0sqkgiHmNs2Qd6X:qWbEK1Ms2dYJG
                                                                                                                                                                                                MD5:6280201C1918EA3293919BB282D2B563
                                                                                                                                                                                                SHA1:3F6F5299A435E2A0C36BE8AAD4CB2FCAACD0897D
                                                                                                                                                                                                SHA-256:0711127A297E4CC1927D77013FC040CAA26930C34A4C7B4D7631BCE9C8041B74
                                                                                                                                                                                                SHA-512:A4C4507ED4FDEC038FAFA62970161E7B75FF9A2ABBDF854ED55483144DCDC0FC9D21235FDDDF1B38303723F9C615AE388397C4D17B5391D8827A5B40AC52C5FC
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):178240
                                                                                                                                                                                                Entropy (8bit):6.793245389378621
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:gWosiKTxga2KtpdhEnGF5PNyR0BxDxxKF5HkEWnuYsauj9Fom1QB:3RRKAtpdhEn/0BzwFpvYm0z
                                                                                                                                                                                                MD5:BF299F73480AF97A750492E043D1FADD
                                                                                                                                                                                                SHA1:C93C4A2DAE812F31603E42D70711D3B6822F9E8E
                                                                                                                                                                                                SHA-256:0334E3B7AE677116B92516172D0CA905723DAF847D8B3B0DC3FC118EDC703D51
                                                                                                                                                                                                SHA-512:7265783F0DD653DBC4693D5EFEB156281620C5421F29910F14C22B75A936233E9E897087E64B641335795484837F28F113EE9F380027698A898F19115FD0F648
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15936
                                                                                                                                                                                                Entropy (8bit):6.474237923131844
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:Gps45cnQ6DmSHhV8r0eeU4Szi6nYPLr70aG:Gpsnn4S/8rxeUvC7RG
                                                                                                                                                                                                MD5:9A4CF09834F086568DF469E3F670BF07
                                                                                                                                                                                                SHA1:594C4E0394475A6299C79E3A063C7D5AE49635F3
                                                                                                                                                                                                SHA-256:709E9E544434C52285A72F29AD6B99CE1E7668545F10AD385C87ABF34D2052BB
                                                                                                                                                                                                SHA-512:CD551E7944461F3288B880B9D161F19F97EB4599A3A46CC93C4172B5112960FB0C040B9996F13CF0761FB85A283E2F20944135EC59660C807A59B29CDDC44586
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15936
                                                                                                                                                                                                Entropy (8bit):6.477340414037824
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:Gps45cnk6LlmSHhV8i+ceek4SzS+nYPLr7wd:Gpsnn5AS/8jZek7C7wd
                                                                                                                                                                                                MD5:4DE6BFE6EA98BC42A5358ED8307107B2
                                                                                                                                                                                                SHA1:8F687E60784FD9046A361DC1DC85D43051CBD577
                                                                                                                                                                                                SHA-256:7C07D167AA4A23AB64A205301663C87E578FF6B31985DF8B51AF80CA6999176F
                                                                                                                                                                                                SHA-512:8091AADEACAD1DAC5191EBB996D1E4BE25A19C10A4E76F79AB7EA2A592711FD39AAD7E89D7DEE09385296AA7A649AABFA7C325C4A627AFE1C009C906709EDB5A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15936
                                                                                                                                                                                                Entropy (8bit):6.477747126356611
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:GpsJ5cn66FmSHhV8Teeek4SzSgnYPLr7mpB:GpsUngS/8TDekdC7yB
                                                                                                                                                                                                MD5:CA17B8CBD623477C5D1D334B79890225
                                                                                                                                                                                                SHA1:2BFC372A28EDE40093286CDA45003951A2CE424F
                                                                                                                                                                                                SHA-256:A7AC47AC8518E2D53575E12521B3A766A5E2EE4133C6C6AB9AE1C3C6777F5E77
                                                                                                                                                                                                SHA-512:D9DDF3E67B9A4E0197D271243623D4DF8A26A35EC2F5195AB316E910E133BA09C70F6D28E7CA69184E4ABABCF063C014D7A6E6EA48F82382B316864A945175C5
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15936
                                                                                                                                                                                                Entropy (8bit):6.476844183458217
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:Gpsw5cnL6U0mSHhV89+ee84SzSFnYPLr7KTdK:Gps/nHpS/89je80C7KQ
                                                                                                                                                                                                MD5:B4AD335E868693F009B7644E2ED555C1
                                                                                                                                                                                                SHA1:ECCB9711CF78BCD5BD78231A838B1852764B301C
                                                                                                                                                                                                SHA-256:CCA46A54A1A9CE78F7FFC49D195C4AB970AD540B5FCB2B6D9BF57EEDF38EC28D
                                                                                                                                                                                                SHA-512:04A4670345B47C5B256220A85FFC68A1DD6DFE8D44838A4C634EB0EBC469EFC307B0BCF838AA1244634A315F365518B1633586B872C6D459EE80374D14234CA4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):185920
                                                                                                                                                                                                Entropy (8bit):6.517453559791758
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:pmxoFzYbnERrNyf0VCyqp2pswAG8wJfV1cnrQKUCc9rBTq/bKQcUMZ:koFJcQCyuZG8wdKcLgbDcU6
                                                                                                                                                                                                MD5:D4246AF96E1FFA5E63C55E6F0A63ED82
                                                                                                                                                                                                SHA1:30F319CEBD7BCCCFC3637231D07F45BD5A79B03E
                                                                                                                                                                                                SHA-256:84576AAC88D08E864645415D8A81F4B8F04C881B7624973C952BA6BCB94F4C8C
                                                                                                                                                                                                SHA-512:92EDFE62BE5BDDC47EC51B01F8FE71C69691423ABECBB358A972766ACCDC8F9365C064FD0A7833C8853EDD5DED51791A7662584DB5F54BE3586AC2787160FA6A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):33344
                                                                                                                                                                                                Entropy (8bit):6.5580840927675945
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:5TuVpsEkV3/azbYJHf2ZdCwhxKdv0tCFC7dRb:5YQV3/az8x2HCSScC4dRb
                                                                                                                                                                                                MD5:EFF31A13A4A5D3E9A5BD36E7349D028B
                                                                                                                                                                                                SHA1:8E47BE8C1CE4DFD73B7041679E96EA4A17DDB4C0
                                                                                                                                                                                                SHA-256:307B816892FDD9BAD9E28953E1BBB4BCE35C8F8CA783C369D7EB52A22BCC4229
                                                                                                                                                                                                SHA-512:72148C757624868D3866C40B31149CCA171737D82ADBCDF2C8FB03A9D8F3C1CEA2B2FC5137DD11DAAD2328D3AF8FAE43568DCCD843664BC43323F9357B67B6A0
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):574528
                                                                                                                                                                                                Entropy (8bit):6.508068830472597
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:NtKMEr1LBBgPcvhwhtRtL+tKJZetu4zxLukaMevlOjPMat4+8NMutQaLqqiINw3X:NtKMEr1VBgPcvhwhtRtL+tkZezxLuQeS
                                                                                                                                                                                                MD5:5E1B7D0ACCB4275DEAB6312AA246CB3E
                                                                                                                                                                                                SHA1:488A5CB9D9C0CF27824DF32B9B76D4F67F6FB485
                                                                                                                                                                                                SHA-256:9FC49B3F6FD11A2B2B92748C24F21721D1011B1920D092E38AF4021102125543
                                                                                                                                                                                                SHA-512:5A875DD4731E862F753EBB987593DC61D39DD3D3D13CDED284DE27DD09AFA946FA96824AC194EC0DD45AA2CE0D56637A5522F49F28F3C89B7F5248D389B1B62E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):455328
                                                                                                                                                                                                Entropy (8bit):6.698367093574994
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:uZ/8wcqw2oe+Z3VrfwfNOOoWhUgiW6QR7t5ss3Ooc8DHkC2e77/:W/8wVwHZFTwFOOos3Ooc8DHkC2e77/
                                                                                                                                                                                                MD5:FD5CABBE52272BD76007B68186EBAF00
                                                                                                                                                                                                SHA1:EFD1E306C1092C17F6944CC6BF9A1BFAD4D14613
                                                                                                                                                                                                SHA-256:87C42CA155473E4E71857D03497C8CBC28FA8FF7F2C8D72E8A1F39B71078F608
                                                                                                                                                                                                SHA-512:1563C8257D85274267089CD4AEAC0884A2A300FF17F84BDB64D567300543AA9CD57101D8408D0077B01A600DDF2E804F7890902C2590AF103D2C53FF03D9E4A5
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):773968
                                                                                                                                                                                                Entropy (8bit):6.901569696995594
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:yMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BV0eAI:dmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV4I
                                                                                                                                                                                                MD5:BF38660A9125935658CFA3E53FDC7D65
                                                                                                                                                                                                SHA1:0B51FB415EC89848F339F8989D323BEA722BFD70
                                                                                                                                                                                                SHA-256:60C06E0FA4449314DA3A0A87C1A9D9577DF99226F943637E06F61188E5862EFA
                                                                                                                                                                                                SHA-512:25F521FFE25A950D0F1A4DE63B04CB62E2A3B0E72E7405799586913208BF8F8FA52AA34E96A9CC6EE47AFCD41870F3AA0CD8289C53461D1B6E792D19B750C9A1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):970912
                                                                                                                                                                                                Entropy (8bit):6.9649735952029515
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:LBmFyjLAOQaYkxGXPfY7eiWWcpOKnpTVOIxhK765qlRRb6x4pI23IbJQV:dmFyjLF847eiWWcoGZVOIxh/WxIAIbGV
                                                                                                                                                                                                MD5:034CCADC1C073E4216E9466B720F9849
                                                                                                                                                                                                SHA1:F19E9D8317161EDC7D3E963CC0FC46BD5E4A55A1
                                                                                                                                                                                                SHA-256:86E39B5995AF0E042FCDAA85FE2AEFD7C9DDC7AD65E6327BD5E7058BC3AB615F
                                                                                                                                                                                                SHA-512:5F11EF92D936669EE834A5CEF5C7D0E7703BF05D03DC4F09B9DCFE048D7D5ADFAAB6A9C7F42E8080A5E9AAD44A35F39F3940D5CCA20623D9CAFE373C635570F7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):79936
                                                                                                                                                                                                Entropy (8bit):6.675027571633986
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:ygRdVzzmTj2iu+wk5eQjBE55W+hYRwZZ3GFjJJ5n5WF:yIfmHsM5j6VqJJ55WF
                                                                                                                                                                                                MD5:691B937A898271EE2CFFAB20518B310B
                                                                                                                                                                                                SHA1:ABEDFCD32C3022326BC593AB392DEA433FCF667C
                                                                                                                                                                                                SHA-256:2F5F1199D277850A009458EDB5202688C26DD993F68FE86CA1B946DC74A36D61
                                                                                                                                                                                                SHA-512:1C09F4E35A75B336170F64B5C7254A51461DC1997B5862B62208063C6CF84A7CB2D66A67E947CBBF27E1CF34CCD68BA4E91C71C236104070EF3BEB85570213EC
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):51264
                                                                                                                                                                                                Entropy (8bit):6.565433654691718
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:a+BEJER/xSW/EoB8VBQZbKYawLysHFhIAqQbQMD8YpwQ+Qi4v8qUYVC7R:a+BEJERvQGbKnwusjIAq08YDi4UqUYoR
                                                                                                                                                                                                MD5:95EDB3CB2E2333C146A4DD489CE67CBD
                                                                                                                                                                                                SHA1:79013586A6E65E2E1F80E5CAF9E2AA15B7363F9A
                                                                                                                                                                                                SHA-256:96CF590BDDFD90086476E012D9F48A9A696EFC054852EF626B43D6D62E72AF31
                                                                                                                                                                                                SHA-512:AB671F1BCE915D748EE49518CC2A666A2715B329CAB4AB8F6B9A975C99C146BB095F7A4284CD2AAF4A5B4FCF4F939F54853AF3B3ACC4205F89ED2BA8A33BB553
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17472
                                                                                                                                                                                                Entropy (8bit):6.403594687791098
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:A3PK394shTLHzW8KMw3X+PVR6y/FNdoEUtnYe+PjPriT0fwoBpp6Z:BThTrzPPQOPV5NNdoEwnYPLr7xc
                                                                                                                                                                                                MD5:94CAADA66F6316A9415A025C68388A18
                                                                                                                                                                                                SHA1:57544E446B2B0CFBA0732F1F46522354F94B7908
                                                                                                                                                                                                SHA-256:D1C4FB91296D643AEE6AB9CD66CC70ACBE2667AD572D969A06FFEAA2A8859FAF
                                                                                                                                                                                                SHA-512:AC29E7C722A266DCB633953EF2A7E33DF02059AC7876FF94828464B5B74B5BC321C5D2D2851F3CBBFE1328D18F3CD9A49E5EFFE7E4E8AC2BEB3A0E4AAA53AD87
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):16448
                                                                                                                                                                                                Entropy (8bit):6.380289288441742
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:GpsCgvnvId6YmSHhV85AeencGtnYPLr7Vz:GpsDngGS/851ebC7Vz
                                                                                                                                                                                                MD5:7DA6AA3CC4763C6F9C20B43E6C9A9547
                                                                                                                                                                                                SHA1:3F28CF8E6AAD199DCC621F2A2C8AD50126813B05
                                                                                                                                                                                                SHA-256:F7375AD07F0BE6FD75E822A9ECFF5ACA073DB03B95894C05C7657BEC7AF59AF4
                                                                                                                                                                                                SHA-512:7948EAA11B4026F9975B6CC4225A4C0B617341299364196F3825EEF4484A6EEB529319BF4F6D19436689083C36BF1F6B9880574764612FC900C8CC1D73EED1BB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15936
                                                                                                                                                                                                Entropy (8bit):6.4779230305378315
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:Gpsk5Bn46zmSHhV8yYAeeU4Sz5uwnYPLr73ki:GpsungS/8yY1eUuwC79
                                                                                                                                                                                                MD5:E9AA62B1696145A08D223E7190785E25
                                                                                                                                                                                                SHA1:A9A0CB22A28A3843CF6CCBC9578B1438F0A7B500
                                                                                                                                                                                                SHA-256:EA9DF3432EF31B6864112AF1CEC94E6BE33B92A9030369B9F99225113BCA6EF8
                                                                                                                                                                                                SHA-512:516FA102922980DF592DD08A840DA9073B6568F5E52847968C59995F2BD067AC6D2668D0272AE017D0C71AF627766A8676AE1EB1BC520B76F1F9C5CEEB4BA840
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):773968
                                                                                                                                                                                                Entropy (8bit):6.901569696995594
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:yMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BV0eAI:dmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV4I
                                                                                                                                                                                                MD5:BF38660A9125935658CFA3E53FDC7D65
                                                                                                                                                                                                SHA1:0B51FB415EC89848F339F8989D323BEA722BFD70
                                                                                                                                                                                                SHA-256:60C06E0FA4449314DA3A0A87C1A9D9577DF99226F943637E06F61188E5862EFA
                                                                                                                                                                                                SHA-512:25F521FFE25A950D0F1A4DE63B04CB62E2A3B0E72E7405799586913208BF8F8FA52AA34E96A9CC6EE47AFCD41870F3AA0CD8289C53461D1B6E792D19B750C9A1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):172096
                                                                                                                                                                                                Entropy (8bit):6.3747906238754855
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:1WkHL+UE3r2l5p2WqjgFWcWpPa6QoCzOb/UcODMM4cBqg8UyJNd5uGZzfYtRD+Em:YdNq5YkFuPYzOb/UcODMM4cBqg8UyJNR
                                                                                                                                                                                                MD5:FB658E2F5E185FE5762B169A388BA0BD
                                                                                                                                                                                                SHA1:386235AB2F7AD35E82CD9AC97E9B56E1E308BC90
                                                                                                                                                                                                SHA-256:A91E68C76A90A02D9EDF75E5141C248B3AA5DD612E37883D27065D78A782AF20
                                                                                                                                                                                                SHA-512:B0EAB6F2572552298CD221AF9E71CA7C02375D92E14F7EBD783F5DC9247964F72E658DBFC4273BD3C36DF57199171263F1A4969F133823965448C552BB514EEC
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15936
                                                                                                                                                                                                Entropy (8bit):6.477211573452372
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:Gps25Bnb61mSHhV8nOeet4SzvBQnYPLr7D8/:Gpson1S/8nTetJSC7+
                                                                                                                                                                                                MD5:ED3F3D8E4C382BF8095B9DE217511E29
                                                                                                                                                                                                SHA1:CAE91B9228C99DCC88BAC3293822AC158430778C
                                                                                                                                                                                                SHA-256:800F41B877AA792A8469C4DBB99838E7A833B586EC41BD81DA81EAA571F7FAC1
                                                                                                                                                                                                SHA-512:023855267C6CC6BD5230E7A922310328E8DC0521C041C038C579035C9B1E70EAC168695B56357793505375E0B134FAD040BB284C6B02B3190EE7F6FCAEC33FE9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):52800
                                                                                                                                                                                                Entropy (8bit):6.433054716020523
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:Rk2X5KQaT9nNrmTTY99ccAlGGzGRulFJWpiDO:RkgUhpmA99ccOGGzGRuPJWpgO
                                                                                                                                                                                                MD5:6D05EAD2F6B95C4AFFCFB1B27DC0C188
                                                                                                                                                                                                SHA1:0D04A67505D006493F252985AC294B534D271EF2
                                                                                                                                                                                                SHA-256:6330591A151E565B5EAB2D174DF8E2F6523A8F403E4E8D8C8DC58D0945881F19
                                                                                                                                                                                                SHA-512:DBE98FA16162636039853E9A82CADBE4E6D5A4E6E282A3FBBC122229C314C91E7C445FEB83921EBFE024DC09BC6AA76682F903036A2D2BEA363F1D09DD571B10
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):116288
                                                                                                                                                                                                Entropy (8bit):5.7845827860105885
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:UbqmeUF67oaebwU3ta+uHMg9glgFvcfgfgzgG4g9XTXDXp+RuXGXlXdY9vXTXvXQ:8qmeUF67ZeUUVjcIA
                                                                                                                                                                                                MD5:5AADADF700C7771F208DDA7CE60DE120
                                                                                                                                                                                                SHA1:E9CF7E7D1790DC63A58106C416944FD6717363A5
                                                                                                                                                                                                SHA-256:89DAC9792C884B70055566564AA12A8626C3AA127A89303730E66ABA3C045F79
                                                                                                                                                                                                SHA-512:624431A908C2A835F980391A869623EE1FA1F5A1A41F3EE08040E6395B8C11734F76FE401C4B9415F2055E46F60A7F9F2AC0A674604E5743AB8301DBADF279F2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):86592
                                                                                                                                                                                                Entropy (8bit):6.686302444148156
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:/QsPinZd9lmzFRQnJ9sSpkWgVenAe7C3xWxNO3A4:lPE9lEmtpkj7eqWxNCA4
                                                                                                                                                                                                MD5:5E6DDF7CF25FD493B8A1A769EF4C78F7
                                                                                                                                                                                                SHA1:42748051176B776467A31885BB2889C33B780F2D
                                                                                                                                                                                                SHA-256:B9BEACA57BFF23C953917C0B2037351EF3334E6A9DE447DCA6542FE5C815BF9F
                                                                                                                                                                                                SHA-512:C47F742F064B99E5B9C2BDEAC97472D9D8C9466C9071E9799AF79F820199D9B30B198C33EF635F07A972B77475AFEA9E7417AA6335D22A7380E7B0E552869C18
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14912
                                                                                                                                                                                                Entropy (8bit):6.381906222478272
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:kNncquU+hyD13XLPVlD6o+N9F5os7USnYe+PjPriT0fwXF27:kNcWp7PVl67/nYPLr7s27
                                                                                                                                                                                                MD5:3C9DC0ED8ADD14A0E5B845C1ACC2FF2E
                                                                                                                                                                                                SHA1:25C395ADE02199BEDCEE95C65E088B758CD84435
                                                                                                                                                                                                SHA-256:367C552FBA3DA5F22791CF8F22B983871639ECD2EF7F5B1880021FE4C4F65EE4
                                                                                                                                                                                                SHA-512:4DD5F68180D03B6621E46732F04B47F996B96F91F67845538D1B303E598CCFDB5E4F785A76DE7DFCB8918125FDB06B9068C4EAB06984B5AA9224DCE90190BA1A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15936
                                                                                                                                                                                                Entropy (8bit):6.466364086630595
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:Gpss5cnn6vmSHhV8TI1ee84SzK8nYPLr7HuY:Gps7nnS/8Tte8tC7HuY
                                                                                                                                                                                                MD5:12B6E1C3205A8B17AC20E00A889DFC43
                                                                                                                                                                                                SHA1:42458CFA7135858ACEF10803B87A208FA7E66413
                                                                                                                                                                                                SHA-256:EAEA20A794EC6BB15808EF278376A87CF91F9BE15FE6A7DE92014AC4BF75555D
                                                                                                                                                                                                SHA-512:174703820636DED2BA081420A8D1E37D67FDA6C13AC406C2F08E16DCF0C7B7D9642E37BC888802B50ED3438D6029C4FECCD7C151B82CF9A91F13F36C4A0B2019
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15936
                                                                                                                                                                                                Entropy (8bit):6.475930674615241
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:GpsFG5BnK6xmSHhV8TCeeX4SzREnYPLr7Ggp:Gpsen0S/8TveXUC7jp
                                                                                                                                                                                                MD5:31C0CED43A07A2DFF3AFC557EBABBE0F
                                                                                                                                                                                                SHA1:9100A7393B919EB35C79CE16A559D783219E2F20
                                                                                                                                                                                                SHA-256:B93D0D62436D89C84C66ABBDCF817084A6BA01F7E10053C8F343DF5D53D37536
                                                                                                                                                                                                SHA-512:716818BBF6E4F21C2A627259F1D35E8375EFEF9C3B197B3AF6E10A4A1735CC643141C32270DF7F6FE25733517BE38CAA09205B98119996237E8EAE6A7D0825A7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15936
                                                                                                                                                                                                Entropy (8bit):6.475447140204412
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:Gps85BnF26emSHhV8QM1eet4SzvBonYPLr7I:GpsGnFjS/8QBetJWC7I
                                                                                                                                                                                                MD5:43C1D1D0E248604CB3B643C0BDF4EC9A
                                                                                                                                                                                                SHA1:7BEE9DEB1E43F0FECF0FC57BDFD3F79CF048151F
                                                                                                                                                                                                SHA-256:165BFF317674BE33F2920320F3EF0957539E5BF149B673C2073DF48FF93A6D94
                                                                                                                                                                                                SHA-512:CAA9B14DF20FFF92CFC4F9A8557804FBD4CC02831824CD53AEAC7D0EE7918BBD50E22A69AB5FFC9E92A468A5201DF263707D373D60378817DC5FEFDE1ABC48BF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):177216
                                                                                                                                                                                                Entropy (8bit):6.909590121652277
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:L9Wyo+Jyru3w8WqWnJjOUrI7vh+Dug9PVWU+kmaVE9TBfQiJ8:BWyPsi34i+DugFj+kmaVE9TB4/
                                                                                                                                                                                                MD5:8DC2356E3FF3A595AEDE81594A2D259A
                                                                                                                                                                                                SHA1:A05E05E9EA8FB0C8928112CA931EB4F5E977B92A
                                                                                                                                                                                                SHA-256:B9DE5D3ABBC0AC956E7F590E4C8507FF570B6C353374BB80F413B5846CE322FE
                                                                                                                                                                                                SHA-512:D5C83EBDB7192DD361856B236A07AFD4FF95E68E0036396D68A3407ED680D4A36EC857AB101DBA5F583AA67CC45A2835178DAC84A68472C7F619EFA674FE51F0
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):473152
                                                                                                                                                                                                Entropy (8bit):5.475991416072106
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:ngmgmb+p19k+j4QJKFDSha+IJ6NyLu/wtAWvrMZp5WMuBzj:n17bsj4QJlha+XNyLu/iAWvhBzj
                                                                                                                                                                                                MD5:79CFE207E05F771E29847573593F6DE1
                                                                                                                                                                                                SHA1:34DFA813802C6F5A57A557BF72B2B306F8042E90
                                                                                                                                                                                                SHA-256:AEB27727F428116069944BB92B477D7487C9DEB3921E1005814536459E35222F
                                                                                                                                                                                                SHA-512:2C71A827BB156BD012BE20B30D701D5123D8B6C7889D4F4A47A483D3477C25BF224E7F205CA9FCCB08DA0A2EF28AF6433D018A0E555BCE911C31A5F462F41578
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):52800
                                                                                                                                                                                                Entropy (8bit):6.367562931371078
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:0UD9dxWf4b4UoY6sUsaJ2sQ7O+phclByW3T9KMDbgz2dN6lDb/9/YMw0c3D6QsTY:0IofovBbS9KMvHR0cz6QsTPOXm2BT9j7
                                                                                                                                                                                                MD5:F434A8AC7F1C8C0E2587B9A9F30E397B
                                                                                                                                                                                                SHA1:BD62E10E44117A60EB4180412112593D9460299D
                                                                                                                                                                                                SHA-256:6A994B389B8F7109238DE6F230B1B540186ED2EC8D081C7601C6996863AA4DC8
                                                                                                                                                                                                SHA-512:9896DAC36BD4F7289C7701B75AD8EB9F7ACD233384075A3FBA6E6F2F38E420F37C1A29317EEEA3C4DDBA1791F6F17187DD5BDFDD9F98F095E7D4DF20C0D5EA3E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):123968
                                                                                                                                                                                                Entropy (8bit):6.699694377005066
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:jWi/SLhxEJKv0O4+zwtKg3HquHB2u0YUdRXGCDilgKptxG0ULtt1vtxgl0IlgqA2:+vdtg6ZYUniPe5vtxgl0IlgqA2
                                                                                                                                                                                                MD5:0BAB62A0CF67481EA2A7F3CAFD7C5144
                                                                                                                                                                                                SHA1:D6B010C815F4D9C675DF918B615FE0AAE45249EA
                                                                                                                                                                                                SHA-256:FC57682FDBCA50FAEBFC6B4F5D199FC407A541C110C15F0C850503006D32301A
                                                                                                                                                                                                SHA-512:0128813DE247246BF4AECE1B222B6611E5AE1EDE01A1B339CFE0F98184739D7A066DAE4F1A271F544BB39F9B79F053F4B96F2E471B9444C29855CF52FB7835CB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):25664
                                                                                                                                                                                                Entropy (8bit):6.488681310308951
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:GxZ2v7Oc56lspQEgde9M3z27lFOJIjkzIPV5yKlWFKbKwnYPLr7Wo5L:Xr5PQEOe9MD4lFhjk8ddeKWwC7dL
                                                                                                                                                                                                MD5:039AD8A7A4B14C321F156878838A2340
                                                                                                                                                                                                SHA1:6AD9D2FBA988193D16E7B3278C0D0757AB99B3EF
                                                                                                                                                                                                SHA-256:ED3AD7EBA989FB31C2ABC3220694D1446D33659782CB1B333318EC54A577389D
                                                                                                                                                                                                SHA-512:7D5B8C191A7D0C4FEDB831DE197A3CB5DC0564AD3F2E57EEE8C506B2308B656D2F0FE086D508FAB8F03CA0E1B0574E708728373DFA3116C9B9FC5DFDB72FEE46
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):195136
                                                                                                                                                                                                Entropy (8bit):6.80727029211823
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:fmtIwyq6lFq857zCYLFYEVothL10xYOXjV5qECVTHLy71vJ2qIcWYEfQQxIYh5t+:mIwyqM7qYLVVIqhfqfTm1W+Tws
                                                                                                                                                                                                MD5:E1904A4B2D6F657B9FEF053893FE3C41
                                                                                                                                                                                                SHA1:59AC965A1029AE936DDD5AE623A9A025D49737EC
                                                                                                                                                                                                SHA-256:5929E3510F67FEAE073B8995BFC542FD7A0626F57D2FBC829EFC95206DF8F85F
                                                                                                                                                                                                SHA-512:C0A60928299EA2E6DC8AD1E3DE9CEF77C8E520585F8D73BD7F56E33705D1A2AEC04AE9C01A8069AE5A0D71F28AEF42F4A260CF4D5BB44A95DCEB70E5C8DB8FEA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):16448
                                                                                                                                                                                                Entropy (8bit):6.392776971200692
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:GpssZwnvNmc6DDmSHhV8Ogee1cGPnYPLr7fl:GpssqnFm16S/8OVeLC7fl
                                                                                                                                                                                                MD5:7624A9B769CDCF3A75FE5A9FEAADD61F
                                                                                                                                                                                                SHA1:9269968968CD63D6E1ECC14F78B9A630FCC26FBE
                                                                                                                                                                                                SHA-256:41F9A804C888A58DECDE2B63A544DBFF536B40D87CECED197E1A14050858C0DA
                                                                                                                                                                                                SHA-512:1AF7BB30E1FC7600AD0A209DB4E077DAB9CEAA5C4332F8B1353ED0DB7EA71B4A9B7D126E756B634D3FB22618E39AFC5ED52263C88E9F7646EAABB0D9240E382B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):65600
                                                                                                                                                                                                Entropy (8bit):6.461111208462538
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:lVeogiQWo3IzLIoDY9p6K/sdDAZ5e1x3afX:veDib4oDu4K/sdDAZ5CxEX
                                                                                                                                                                                                MD5:806580640A68234A711D3BB0642130A7
                                                                                                                                                                                                SHA1:1EDF20DAAC15FE90E9891E95130D0DD70D005B62
                                                                                                                                                                                                SHA-256:CCCC2A9F54E4F5961DD45DAA1F6C97ECFB156EA8E0DF82277A2C109EA4D2E036
                                                                                                                                                                                                SHA-512:0AAC087449DEECBB1CFAEE5C3144500CDC4C1D209D1F1F7D8EB41DD7870504BF71D0CC9AE7761BFC609F42273B7FB3CA7801AA54FB0E92BC71C41CC5CAECD31C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):159296
                                                                                                                                                                                                Entropy (8bit):6.019927381236816
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:9vFy5zbJEQFFB9AYeb11tzTQrTBfYEaf9zQ6NlUlh5:7iFry3b11twTBgEaf9zQ6Nc
                                                                                                                                                                                                MD5:C15F0FE651B05F4288CBC3672F6DC3CE
                                                                                                                                                                                                SHA1:FFCE84FE532B41F31CDDC41C84024FAFE6BC30E6
                                                                                                                                                                                                SHA-256:869DC4D40444F10325057B0CC3BB7EA48942DD712DF8A1AE331A554FF0397F1A
                                                                                                                                                                                                SHA-512:E9E27C4C68972E3250B380C1A5D5EB02BEC03028D389234A44A7D56974BFA233D177173F929BDB6FF877AE17A529D85D384684B0037E260A0143F7A95A0204C6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):39488
                                                                                                                                                                                                Entropy (8bit):6.751057397220933
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:Okt1MVMrA9/Klzwz9UyCgMUt9onPs3h3nVt83OndMY7dmMpAnC70N:Oo1oMQ/CrPa3VWO+gdmMW6q
                                                                                                                                                                                                MD5:DE2167A880207BBF7464BCD1F8BC8657
                                                                                                                                                                                                SHA1:0FF7A5EA29C0364A1162A090DFFC13D29BC3D3C7
                                                                                                                                                                                                SHA-256:FD856EA783AD60215CE2F920FCB6BB4E416562D3C037C06D047F1EC103CD10B3
                                                                                                                                                                                                SHA-512:BB83377C5CFF6117CEC6FBADF6D40989CE1EE3F37E4CEBA17562A59EA903D8962091146E2AA5CC44CFDDDF280DA7928001EEA98ABF0C0942D69819B2433F1322
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):21568
                                                                                                                                                                                                Entropy (8bit):6.4868701533420925
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:uVI9/tEAHVvfiqiW9LEiGTHb6hVXbS7fLsD5bGGNET7T7T7T7JyFoynPV5hgGLVt:uVI9/yA9f1iW9LEiGTHb6hVXbS7QbGG9
                                                                                                                                                                                                MD5:7C2959F705B5493A9701FFD9119C5EFD
                                                                                                                                                                                                SHA1:5A52D57D1B96449C2B40A82F48DE2419ACA944C3
                                                                                                                                                                                                SHA-256:596F89E7E5D9AC2B1F97FA36A20A7405C1CC41A9FCBA96DB089ADA4550131B24
                                                                                                                                                                                                SHA-512:B7B48BD14701F75B9018BEDEE5A4CFCEBDAC342F83339FB3F1EFB7855598474C9D1CC993B5D4ADD3326140435087D2BD7CBBC18BC76C64EAD6234A9A7D57C552
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):163904
                                                                                                                                                                                                Entropy (8bit):6.508553433039132
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:onzJtwzsrYx6cY+90AiVrM5muIqltkt7maRoM/X1fJqO0NJT:onttwzsrYxTaVVY5muIq3mx/X1fcb
                                                                                                                                                                                                MD5:A63387A1BFDF760575B04B7BFD57FF89
                                                                                                                                                                                                SHA1:9384247599523D97F40B973A00EE536848B1D76F
                                                                                                                                                                                                SHA-256:5DF5B7E6EFCC345DDC8448AFC707B666F5F696F554B00ACA64D8E23EDBC176BF
                                                                                                                                                                                                SHA-512:CB3A6A394424345FFA076E0BE58F284A0E4DB6FBFCE02D93FB4871D350A7FA1E673175AE988C26453DB1C983C0D06A01DD413DE47031BB4BF308CAAF3513C36F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):69696
                                                                                                                                                                                                Entropy (8bit):6.89860109289213
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:ZCghp1EJqcGdjandlraksIOwIOpVnToIft4tpgO6:/142jUhimp9TBft4tqO6
                                                                                                                                                                                                MD5:CB99B83BBC19CD0E1C2EC6031D0A80BC
                                                                                                                                                                                                SHA1:927E1E24FD19F9CA8B5191EF3CC746B74AB68BCD
                                                                                                                                                                                                SHA-256:68148243E3A03A3A1AAF4637F054993CB174C04F6BD77894FE84D74AF5833BEC
                                                                                                                                                                                                SHA-512:29C4978FA56F15025355CE26A52BDF8197B8D8073A441425DF3DFC93C7D80D36755CC05B6485DD2E1F168DF2941315F883960B81368E742C4EA8E69DD82FA2BA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):155
                                                                                                                                                                                                Entropy (8bit):4.618267268558291
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:nSkoZgZLXnuWxVEsTwVAAiuKIn7IRAdSPGGzJ0vwQAnfMaAHCRyvy:nBcAPWEwVAkIiSPhwwpkaAHCIa
                                                                                                                                                                                                MD5:9E5E954BC0E625A69A0A430E80DCF724
                                                                                                                                                                                                SHA1:C29C1F37A2148B50A343DB1A4AA9EB0512F80749
                                                                                                                                                                                                SHA-256:A46372B05CE9F40F5D5A775C90D7AA60687CD91AAA7374C499F0221229BF344E
                                                                                                                                                                                                SHA-512:18A8277A872FB9E070A1980EEE3DDD096ED0BBA755DB9B57409983C1D5A860E9CBD3B67E66FF47852FE12324B84D4984E2F13859F65FABE2FF175725898F1B67
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..# Load the Java Access Bridge class into the JVM..#..#assistive_technologies=com.sun.java.accessibility.AccessBridge..#screen_magnifier_present=true....
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1438
                                                                                                                                                                                                Entropy (8bit):5.214662998532387
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:QVDpdQYHLOVhl86bePCkHUMCLC9TFcgg+DR+Oby:MQ4LOVh2WGfUMCLC9Zcgg2Ru
                                                                                                                                                                                                MD5:92BA2D87915E6F7F58D43344DF07E1A6
                                                                                                                                                                                                SHA1:872BC54E53377AAC7C7616196BCCE1DB6A3F0477
                                                                                                                                                                                                SHA-256:68F0CF30429A42A6FE78B1DE91970E5C78FD03D1599BEB080C1C196D5C59E4C0
                                                                                                                                                                                                SHA-512:A964E2CEB4D601FAF28ECF13FB11777B70708C21CF9EA23721E462B6E911051108B8A42EBF6447FA49CB61D7FA2D79475F50EE791F1121616371E2B02FAB71B6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....#..# Japanese imperial calendar..#..# Meiji since 1868-01-01 00:00:00 local time (Gregorian)..# Taisho since 1912-07-30 00:00:00 local time (Gregorian)..# Showa since 1926-12-25 00:00:00 local time (Gregorian)..# Heisei since 1989-01-08 00:00:00 local time (Gregorian)..calendar.japanese.type: LocalGregorianCalendar..calendar.japanese.eras: \...name=Meiji,abbr=M,since=-3218832000000; \...name=Taisho,abbr=T,since=-1812153600000; \...name=Showa,abbr=S,since=-1357603200000; \...name=Heisei,abbr=H,since=600220800000....#..# Taiwanese calendar..# Minguo since 1911-01-01 00:00:00 local time (Gregorian)..calendar.taiwanese.type: LocalGregorianCalendar..calendar.taiwanese.eras: \...name=MinGuo,since=-1830384000000....#..# Thai Buddhist calendar..# Buddhist Era since -5
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3091908
                                                                                                                                                                                                Entropy (8bit):6.633254981822853
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:49152:puZi4j4TQkgaSOHEhjy2twRYEc1sJzlbguMuD:puZiW4smxGocuJlbgq
                                                                                                                                                                                                MD5:0B3923ABB0D48FDAE7A2306717967B39
                                                                                                                                                                                                SHA1:0882294FFEC2769023AA36FF9CC53562F8E26020
                                                                                                                                                                                                SHA-256:E88AEC2A49F07CAC9471D9E4C113FA189600B57245685814D043C20EA8A8B471
                                                                                                                                                                                                SHA-512:CF622081B290140CE8419B30FB25442F7204C9A37E1490030A4D656F66C509946F48C50CC7794DA51007EFB202805605FE3C2AC3534D63FBF928EA35CE16A040
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):84355
                                                                                                                                                                                                Entropy (8bit):4.927199323446014
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:4X/nxfn5rxLyMznYolTzlff5OK3COHoHNG5rb/cxNwmCX1g86K2oWdAqNqc+KMjD:qxn5rxLyMzbf5OK3CJNG51g86A
                                                                                                                                                                                                MD5:7FC71A62D85CCF12996680A4080AA44E
                                                                                                                                                                                                SHA1:199DCCAA94E9129A3649A09F8667B552803E1D0E
                                                                                                                                                                                                SHA-256:01FE24232D0DBEFE339F88C44A3FD3D99FF0E17AE03926CCF90B835332F5F89C
                                                                                                                                                                                                SHA-512:B0B9B486223CF79CCF9346AAF5C1CA0F9588247A00C826AA9F3D366B7E2EF905AF4D179787DCB02B32870500FD63899538CF6FAFCDD9B573799B255F658CEB1D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:java/lang/Object..java/lang/String..java/io/Serializable..java/lang/Comparable..java/lang/CharSequence..java/lang/Class..java/lang/reflect/GenericDeclaration..java/lang/reflect/AnnotatedElement..java/lang/reflect/Type..java/lang/Cloneable..java/lang/ClassLoader..java/lang/System..java/lang/Throwable..java/lang/Error..java/lang/ThreadDeath..java/lang/Exception..java/lang/RuntimeException..java/lang/SecurityManager..java/security/ProtectionDomain..java/security/AccessControlContext..java/security/SecureClassLoader..java/lang/ClassNotFoundException..java/lang/ReflectiveOperationException..java/lang/NoClassDefFoundError..java/lang/LinkageError..java/lang/ClassCastException..java/lang/ArrayStoreException..java/lang/VirtualMachineError..java/lang/OutOfMemoryError..java/lang/StackOverflowError..java/lang/IllegalMonitorStateException..java/lang/ref/Reference..java/lang/ref/SoftReference..java/lang/ref/WeakReference..java/lang/ref/FinalReference..java/lang/ref/PhantomReference..sun/misc/Cleaner
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Sun KCMS color profile 2.0, type KCMS, XYZ/XYZ-spac device, 51236 bytes, 2-12-1997 18:50:04, dependently, PCS X=0xf6b3 Z=0xd2f8 "XYZ to XYZ Identity Profile"
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):51236
                                                                                                                                                                                                Entropy (8bit):7.226972359973779
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:2Qnt0y7xFNksbeCqY39JJ8GmaNo68GmaNo68GmaNoW:JOy7xXjtqYNfHxNo6HxNo6HxNoW
                                                                                                                                                                                                MD5:10F23396E21454E6BDFB0DB2D124DB85
                                                                                                                                                                                                SHA1:B7779924C70554647B87C2A86159CA7781E929F8
                                                                                                                                                                                                SHA-256:207D748A76C10E5FA10EC7D0494E31AB72F2BACAB591371F2E9653961321FE9C
                                                                                                                                                                                                SHA-512:F5C5F9FC3C4A940D684297493902FD46F6AA5248D2B74914CA5A688F0BAD682831F6060E2264326D2ECB1F3544831EB1FA029499D1500EA4BFE3B97567FE8444
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Sun KCMS color profile 2.0, type KCMS, GRAY/XYZ-mntr device, KODA/GRAY model, 632 bytes, 27-7-95 17:30:15, embedded, relative colorimetric, PCS Z=0xd32b "KODAK Grayscale Conversion - Gamma 1.0"
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):632
                                                                                                                                                                                                Entropy (8bit):3.7843698642539243
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:51AP3fJgXQ531yqQac/lkgz42WlHlYujlOl9Fhl:vA2XQCqpUlkgzulHiXl3hl
                                                                                                                                                                                                MD5:1002F18FC4916F83E0FC7E33DCC1FA09
                                                                                                                                                                                                SHA1:27F93961D66B8230D0CDB8B166BC8B4153D5BC2D
                                                                                                                                                                                                SHA-256:081CAAC386D968ADD4C2D722776E259380DCF78A306E14CC790B040AB876D424
                                                                                                                                                                                                SHA-512:334D932D395B46DFC619576B391F2ADC2617E345AFF032B592C25E333E853735DA8B286EF7542EB19059CDE8215CDCEA147A3419ED56BDD6006CA9918D0618E1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:color profile 2.0, type KCMS, RGB/XYZ-mntr device by KODK, 1044 bytes, 2-2-1998, PCS Z=0xd32c "linear sRGB"
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1044
                                                                                                                                                                                                Entropy (8bit):6.510788634170065
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6:zwuau/7De0/q98EAsBIMD/WvaKIV4R0/lCAEdD0WlV9AEdwKKt/n3knR3lfR/NHD:zw7ePB/rEAsBIkVuUlAYKu/nUnKw
                                                                                                                                                                                                MD5:A387B65159C9887265BABDEF9CA8DAE5
                                                                                                                                                                                                SHA1:7913274C2F73BAFCF888F09FF60990B100214EDE
                                                                                                                                                                                                SHA-256:712036AA1951427D42E3E190E714F420CA8C2DD97EF01FCD0675EE54B920DB46
                                                                                                                                                                                                SHA-512:359D9B57215855F6794E47026C06036B93710998205D0817C6E602B2A24DAEB92537C388F129407461FC60180198F02A236AEB349A17430ED7AC85A1E5F71350
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Sun KCMS color profile 2.0, type KCMS, 3CLR/Lab-spac device, 274474 bytes, 6-11-1996 7:50:04, PCS X=0xf6b3 Z=0xd2f8 "Std Photo YCC Print"
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):274474
                                                                                                                                                                                                Entropy (8bit):7.843290819622709
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:nJleRNRyAnAqNaADEJHeeeeevoAuaiqwV6sg0pUjRVgYgI:nJleRNRpN0j3qhjRC9I
                                                                                                                                                                                                MD5:24B9DEE2469F9CC8EC39D5BDB3901500
                                                                                                                                                                                                SHA1:4F7EED05B8F0EEA7BCDC8F8F7AAEB1925CE7B144
                                                                                                                                                                                                SHA-256:48122294B5C08C69B7FE1DB28904969DCB6EDC9AA5076E3F8768BF48B76204D0
                                                                                                                                                                                                SHA-512:D23CE2623DE400216D249602486F21F66398B75196E80E447143D058A07438919A78AE0ED2DDF8E80D20BD70A635D51C9FB300E9F08A4751E00CD21883B88693
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Microsoft color profile 2.1, type Lino, RGB/XYZ-mntr device, IEC/sRGB model by HP, 3144 bytes, 9-2-1998 6:49:00 "sRGB IEC61966-2.1"
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3144
                                                                                                                                                                                                Entropy (8bit):7.026867070945169
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:+FflsXlf/lulel4wlwx+6MjnNsvIYWiR5QkyTJbZPHXZ9u6gbVwyKzJgWjU:aN26MT0D5MdtbZPAVwzV0
                                                                                                                                                                                                MD5:1D3FDA2EDB4A89AB60A23C5F7C7D81DD
                                                                                                                                                                                                SHA1:9EAEA0911D89D63E39E95F2E2116EAEC7E0BB91E
                                                                                                                                                                                                SHA-256:2B3AA1645779A9E634744FAF9B01E9102B0C9B88FD6DECED7934DF86B949AF7E
                                                                                                                                                                                                SHA-512:16AAE81ACF757036634B40FB8B638D3EBA89A0906C7F95BD915BC3579E3BE38C7549EE4CD3F344EF0A17834FF041F875B9370230042D20B377C562952C47509B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5824
                                                                                                                                                                                                Entropy (8bit):5.074440246603207
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:6M5VfH+uEMmPDkZeujdJfZUB8BB/+PhPXsOQ71GAXf5lZuU1EbWF7Ycx/AQ12a8T:6M6p4ZeWd1ZUB8BBGPhPXsOQ71GAXBly
                                                                                                                                                                                                MD5:95AE170D90764B3F5E68C72E8C518DDC
                                                                                                                                                                                                SHA1:1939B699D16A5DB3E3F905466222099D7C29285A
                                                                                                                                                                                                SHA-256:A2B31E9CBCEAB296A5E1CF056EFD953CED23B888CD929B0BBE6EB6B53D2BF861
                                                                                                                                                                                                SHA-512:87E970BEAC8141C757D622FC8B6D84FE173EA4B134AFD8E2F979714C1110C3D92F3CE5F2B9DC74804DD37D13AB2A0EDF0FCA242F61CF8ED065AE81B7331F8816
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#sun.net.www MIME content-types table..#..# Property fields:..#..# <description> ::= 'description' '=' <descriptive string>..# <extensions> ::= 'file_extensions' '=' <comma-delimited list, include '.'>..# <image> ::= 'icon' '=' <filename of icon image>..# <action> ::= 'browser' | 'application' | 'save' | 'unknown'..# <application> ::= 'application' '=' <command line template>..#....#..# The "we don't know anything about this data" type(s)...# Used internally to mark unrecognized types...#..content/unknown: description=Unknown Content..unknown/unknown: description=Unknown Data Type....#..# The template we should use for temporary files when launching an application..# to view a document of given type...#..temp.file.template: c:\\temp\\%s....#..# The "real" types...#..application/octet-stream: \...description=Generic Binary Stream;\...file_extensions=.saveme,.dump,.hqx,.arc,.obj,.lib,.bin,.exe,.zip,.gz....application/oda: \...description=ODA Document;\...file_extens
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4122
                                                                                                                                                                                                Entropy (8bit):3.2585384283455134
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:BlWxFFGFSupi94blATFxjGph5vLC6/w37ZXQTbVm/eVzOBJ:BlWJEi94blAT+ph5vLkApmGqr
                                                                                                                                                                                                MD5:F6258230B51220609A60AA6BA70D68F3
                                                                                                                                                                                                SHA1:B5B95DD1DDCD3A433DB14976E3B7F92664043536
                                                                                                                                                                                                SHA-256:22458853DA2415F7775652A7F57BB6665F83A9AE9FB8BD3CF05E29AAC24C8441
                                                                                                                                                                                                SHA-512:B2DFCFDEBF9596F2BB05F021A24335F1EB2A094DCA02B2D7DD1B7C871D5EECDA7D50DA7943B9F85EDB5E92D9BE6B6ADFD24673CE816DF3960E4D68C7F894563F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2282861
                                                                                                                                                                                                Entropy (8bit):7.951223313727943
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:49152:ABSxAmHHJwEu4l3Dyz7oQHeNHJJ2aAvfZc:ABEtHHaEuI3Dy3oQH2pFAvW
                                                                                                                                                                                                MD5:2388C4C8D5F95E0379A8997C7C2492F4
                                                                                                                                                                                                SHA1:906BF87EB1D8881ABADBF93A3C4BBA7887CA2A01
                                                                                                                                                                                                SHA-256:A1FD508EACF76645EB0885B243B5DD14239F1E039E8B53ED038226DF91A30539
                                                                                                                                                                                                SHA-512:2CCE11A5F97DF842964B55408FCF1EC84C0CD561E664ABA3A51275EAFE59D7C920FCFD954C527DA4D53ACB191200CC64BF8150A33BCB9B038F36ADB2CC69B1A1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:PK...........H................META-INF/....PK...........H...7Z...e.......META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.C.q,HL.HU...%...y...R.KRSt.*...L....u....4....sR......K..5y.x..PK...........H................com/PK...........H................com/oracle/PK...........H................com/oracle/deploy/PK...........H................com/oracle/deploy/update/PK...........H................com/sun/PK...........H................com/sun/applet2/PK...........H................com/sun/applet2/preloader/PK...........H............ ...com/sun/applet2/preloader/event/PK...........H................com/sun/deploy/PK...........H................com/sun/deploy/appcontext/PK...........H................com/sun/deploy/association/PK...........H............#...com/sun/deploy/association/utility/PK...........H................com/sun/deploy/cache/PK...........H................com/sun/deploy/config/PK...........H................com/sun/deploy/jardiff/PK...........H................com/sun/deploy/model/PK.....
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14156
                                                                                                                                                                                                Entropy (8bit):5.649187440261259
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:E84SHTDIbZI+R9ufdITe3MPu20DguN9P5YOinvYrJJ0JKP/U8HtK8NJO8lJi8VJb:kld6uQZ9P5dTC7IjZUkPmpaemFqKs8n
                                                                                                                                                                                                MD5:91052ADB799AEF68EA76931997C40CE4
                                                                                                                                                                                                SHA1:19255B8E335C22A171C26148099191708C99EE7A
                                                                                                                                                                                                SHA-256:61D1382375238F90E2E4EE2AF985D978F1409E01B38080E710DF4ACB2897E63B
                                                                                                                                                                                                SHA-512:39BAA49A1CEF533E5D3FFF1A86BC72CB346A6BF1928A9D8B505EBA09A4AB1506400234DE78BDFD925821F0A690B8887BD004A18CC64337DEB666CC2509DEE5DA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:PK........$..H............'...{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/UT....GjW.GjWux.............PK........#..H................{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/UT....GjW.GjWux.............PK........#..H............6...{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/content/UT....GjW.GjWux.............PK........#..H............>...{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/content/ffjcext/UT....GjW.GjWux.............PK........#..H...V........H...{CAFEEFAC-0018-0000-0101-ABCDEFFEDCBA}/chrome/content/ffjcext/ffjcext.jsUT....GjW.GjWux.............const gJavaConsole1_8_0_101 = {...id.: "javaconsole1.8.0_101",...mimeType: "application/x-java-applet;jpi-version=1.8.0_101",...install.: function() {...window.addEventListener("load",this.init,false);..},...init.: function() { ...if (navigator.mimeTypes[gJavaConsole1_8_0_101.mimeType]) {....var toolsPopup = document.getElementById("menu_ToolsPopup");.....toolsPopup.addEventListener("popupshowing",gJavaConsole1_8_0_101.enable,false)
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2917
                                                                                                                                                                                                Entropy (8bit):4.838706790124659
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:KaDMJ9TmsHDmDDCDP2un8YzgKe1E13Tstub22tTeF/Qi/WRtAXikTzgaENZzT3JI:KaD+9TmAe29vBotubbt2Oz+ENlbJI
                                                                                                                                                                                                MD5:2EB9117D147BAA0578E4000DA9B29E12
                                                                                                                                                                                                SHA1:3D297ECF3D280D4AA3D1423E885994495243F326
                                                                                                                                                                                                SHA-256:B8D9C69FF7F4832A9B365D4A43CF66DFF9847051752B13EEDF024CAA9C1EF46B
                                                                                                                                                                                                SHA-512:C3F7730767941B3C8F6F53D4686E9F898D1907D978F6D1FA35BA02C3FCD8306335406A5F9ABAA844F27F7AFD9E548810BECB9EC3E6B84888EA5EAC57B6ED6FDB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=internal error, unknown message..error.badinst.nojre=Bad installation. No JRE found in configuration file..error.launch.execv=Error encountered while invoking Java Web Start (execv)..error.launch.sysexec=Error encountered while invoking Java Web Start (SysExec) ..error.listener.failed=Splash: sysCreateListenerSocket failed..error.accept.failed=Splash: accept failed..error.recv.failed=Splash: recv failed..error.invalid.port=Splash: didn't revive a valid port..error.read=Read past end of buffer..error.xmlparsing=XML Parsing error: wrong kind of token found..error.splash.exit=Java Web Start splash screen process exiting .....\n..# "Last WinSock Error" means the error message for the last operation that failed...error.winsock=\tLast WinSock Error: ..error.winsock.load=Couldn't load winsock.dll..error.winsock.start
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with very long lines (1345), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3338
                                                                                                                                                                                                Entropy (8bit):4.919780187496773
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:WvaqyL1nlrDtzh5+VN9JrnjXyv6jq/YgKe1h/KZkCUdr5pAvA1t2CPTOsdIamy:txrj5Snk6+wuir25pAvAv2ITOsd9
                                                                                                                                                                                                MD5:FF9CFEE1ACFCD927253A6E35673F1BB7
                                                                                                                                                                                                SHA1:957E6609A1AF6D06A45A6F7B278BE7625807B909
                                                                                                                                                                                                SHA-256:E130FBD5FA378A380F46F42981F2C97BC152059C27120204AB4DA47079D31513
                                                                                                                                                                                                SHA-512:F42601092436D7AF30CCD81126185232D9D643B195D3D4619AEC451E3E2A60E33E6378E770DD1A4CDF7AB20CB749371665A992CA73D2842A7102F3FB34B6B9EB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=interner Fehler, unbekannte Meldung..error.badinst.nojre=Ung\u00FCltige Installation. Keine JRE in Konfigurationsdatei gefunden..error.launch.execv=Fehler beim Aufrufen von Java Web Start (execv) aufgetreten..error.launch.sysexec=Fehler beim Aufrufen von Java Web Start (SysExec) aufgetreten..error.listener.failed=Startbildschirm: sysCreateListenerSocket nicht erfolgreich..error.accept.failed=Startbildschirm: accept nicht erfolgreich..error.recv.failed=Startbildschirm: recv nicht erfolgreich..error.invalid.port=Startbildschirm: Reaktivierung eines g\u00FCltigen Ports nicht m\u00F6glich..error.read=\u00DCber Pufferende hinaus gelesen..error.xmlparsing=XML-Parsefehler: Falscher Tokentyp gefunden..error.splash.exit=Prozess f\u00FCr Startbildschirm von Java Web Start wird beendet.....\n..# "Last WinSock Error" mean
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with very long lines (1475), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3632
                                                                                                                                                                                                Entropy (8bit):4.776451902180833
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:KHelXJn5woLUosi30hrleaRSfvlBY0CQ1Z:KHelNTAxFtlE/71Z
                                                                                                                                                                                                MD5:72BDAE07C5D619E5849A97ACC6A1090F
                                                                                                                                                                                                SHA1:9FC8A7A29658AC23A30AB9D655117BB79D08DC3B
                                                                                                                                                                                                SHA-256:821A3452ECB9F29BCEC16C0B39FB668C2CC30C7F7283B34BFC5400040723892B
                                                                                                                                                                                                SHA-512:67F0D1D60012B5598864B68612AA488AF1B5876FF5F347CD98ABCF1E3C0D267CF0354D5085BF12B0A09C6EF124FD0117CD16FCC032DA2B195D45BAB19740BB78
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=Error interno, mensaje desconocido..error.badinst.nojre=Instalaci\u00F3n incorrecta. No se ha encontrado JRE en el archivo de configuraci\u00F3n..error.launch.execv=Se ha encontrado un error al llamar a Java Web Start (execv)..error.launch.sysexec=Se ha encontrado un error al llamar a Java Web Start (SysExec) ..error.listener.failed=Pantalla de Presentaci\u00F3n: fallo de sysCreateListenerSocket..error.accept.failed=Pantalla de Presentaci\u00F3n: fallo de accept..error.recv.failed=Pantalla de Presentaci\u00F3n: fallo de recv..error.invalid.port=Pantalla de Presentaci\u00F3n: no se ha activado un puerto v\u00E1lido..error.read=Lectura m\u00E1s all\u00E1 del final del buffer..error.xmlparsing=Error de an\u00E1lisis de XML: se ha encontrado un tipo de token no v\u00E1lido..error.splash.exit=Saliendo del proceso d
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with very long lines (1575), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3441
                                                                                                                                                                                                Entropy (8bit):4.832330268062187
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:KE2CXpRLJDNXQC6tNaEGBlu9hUv5//zEvDiwkISAyHgKe1p6KF/uoYuh1LNRtS0f:KERXlp6tN1VHq1Kt1S4x8Xi
                                                                                                                                                                                                MD5:FFE3CC16616314296C3262B0A0E093CD
                                                                                                                                                                                                SHA1:198DD1C6E6707C10AE74A1C42E8A91C429598F3B
                                                                                                                                                                                                SHA-256:3941736BEF6A8E53D002B6B67ECE4793C2F3F34BCC1ECB271684EB3F73FC4103
                                                                                                                                                                                                SHA-512:CD3A9329F405CA14E11CDBB74D467B31A31530CBF00537B16FB23AEBC6C07EB268E9624FDBC997AA0CF4852DAC288E1D011E2FC392D71E25DBDF52E359BA9D4E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=erreur interne, message inconnu..error.badinst.nojre=Installation incorrecte. JRE introuvable dans le fichier de configuration..error.launch.execv=Erreur lors de l'appel de Java Web Start (execv)..error.launch.sysexec=Erreur lors de l'appel de Java Web Start (SysExec) ..error.listener.failed=Accueil : \u00E9chec de sysCreateListenerSocket..error.accept.failed=Accueil : \u00E9chec d'accept..error.recv.failed=Accueil : \u00E9chec de recv..error.invalid.port=Accueil : impossible de r\u00E9activer un port valide..error.read=Lecture apr\u00E8s la fin de tampon..error.xmlparsing=Erreur d'analyse XML : type incorrect de jeton..error.splash.exit=Le processus d'affichage de l'\u00E9cran d'accueil de Java Web Start est en cours de fermeture...\n..# "Last WinSock Error" means the error message for the last operation that
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with very long lines (1392), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3255
                                                                                                                                                                                                Entropy (8bit):4.7050139579578145
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:KTi+qOaVUVVMsD/B0FN5+eADELDHxhdpHgKe1uo265eLaqMQ6URhmwgFs+ur60:KJBa2VtzeDLDRhd5A26+7RhZgR0
                                                                                                                                                                                                MD5:BF5E5310B2DCF8E8B3697B358AD4446D
                                                                                                                                                                                                SHA1:C746AC1F46F607FA8F971BEA2B6853746A4FB28D
                                                                                                                                                                                                SHA-256:CC9AD73957535011EE2376C23DE2C2597F877ACEBA9173E822EE79AAD3C4E9E6
                                                                                                                                                                                                SHA-512:B6C61D38B0ACC427B9B2F4C19DABD7EACBE8EEA6B973FD31B3555C4C5B3FFAF1CA036B730359346F57223B44CCE79E04A6D06BBC13C6F7DD26ED463776BB6DCC
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=errore interno, messaggio sconosciuto..error.badinst.nojre=Installazione errata. Impossibile trovare il JRE nel file di configurazione..error.launch.execv=Errore durante la chiamata di Java Web Start (execv)..error.launch.sysexec=Errore durante la chiamata di Java Web Start (SysExec) ..error.listener.failed=Apertura: sysCreateListenerSocket non riuscito..error.accept.failed=Apertura: accept non riuscito..error.recv.failed=Apertura: recv non riuscito..error.invalid.port=Apertura: impossibile identificare una porta valida..error.read=Tentativo di lettura dopo la fine del buffer..error.xmlparsing=Errore durante l'analisi XML: trovato un tipo di token errato..error.splash.exit=Uscita dal processo di schermata iniziale di Java Web Start in corso...\n..# "Last WinSock Error" means the error message for the last oper
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with very long lines (2924), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):6381
                                                                                                                                                                                                Entropy (8bit):4.5983590678211135
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:Mu7cepcgD8do+O2D+k8/RJFGQcHGqo72hzEflA44CAmIbIC3j5pN/o8woJe:PctgYqhTYzG2O
                                                                                                                                                                                                MD5:D830FC76BDD1975010ECE4C5369DADF8
                                                                                                                                                                                                SHA1:D8CC3F54325142EFA740026E2BC623AFE6F3ACB5
                                                                                                                                                                                                SHA-256:11E886336BA51A9044AB1A87C60CEEE34C29BB724E06A16968D31531A7001064
                                                                                                                                                                                                SHA-512:7B867A50A811FBD7FFDAD0B729CA4501E16386EE5C4940A4CF9A805767CC0D10F7E3BDFD6A60204D79292D778D93E3BD915368AC0E9453BBB1010ADFD9655F0F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\u5185\u90E8\u30A8\u30E9\u30FC\u3001\u4E0D\u660E\u306A\u30E1\u30C3\u30BB\u30FC\u30B8..error.badinst.nojre=\u30A4\u30F3\u30B9\u30C8\u30FC\u30EB\u304C\u6B63\u3057\u304F\u3042\u308A\u307E\u305B\u3093\u3002\u69CB\u6210\u30D5\u30A1\u30A4\u30EB\u5185\u306BJRE\u304C\u3042\u308A\u307E\u305B\u3093..error.launch.execv=Java Web Start\u306E\u547C\u51FA\u3057\u4E2D\u306B\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F(execv)..error.launch.sysexec=Java Web Start\u306E\u547C\u51FA\u3057\u4E2D\u306B\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F(SysExec) ..error.listener.failed=\u30B9\u30D7\u30E9\u30C3\u30B7\u30E5: sysCreateListenerSocket\u306B\u5931\u6557\u3057\u307E\u3057\u305F..error.accept.failed=\u30B9\u30D7\u30E9\u30C3\u30B7\u30E5: accept\u306B\u5931\u6557\u3057\u307E\u3057\u305F..error.recv.fai
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with very long lines (2601), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):5744
                                                                                                                                                                                                Entropy (8bit):4.781504394194986
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:GhymCk3kjLqgz9RkfrsEW/p9M32i0HkZr+ywc8b8+/moD7yct070DL70Dm:Dm5kLfIErMbT/44in
                                                                                                                                                                                                MD5:64DE22212EE92F29BCA3ACED72737254
                                                                                                                                                                                                SHA1:C4DBC247043578CCF9CD8DAB652D096703D5B26E
                                                                                                                                                                                                SHA-256:292696C94D5FD0BF2FF4AF9E4D363BFCBE888D2E65BD18A20CF71081FB1C9B0D
                                                                                                                                                                                                SHA-512:CA33C75B66D8B5316B1C3ED41A9A14DD8611A3BB9B26EFDC7F468250696D515CF1E966831975C9ABDC33E9A1C59167FE79BA547592D2A04997E1342433E7B628
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..# Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\uB0B4\uBD80 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4. \uC54C \uC218 \uC5C6\uB294 \uBA54\uC2DC\uC9C0\uC785\uB2C8\uB2E4...error.badinst.nojre=\uC124\uCE58\uAC00 \uC798\uBABB\uB418\uC5C8\uC2B5\uB2C8\uB2E4. \uAD6C\uC131 \uD30C\uC77C\uC5D0\uC11C JRE\uB97C \uCC3E\uC744 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4...error.launch.execv=Java Web Start(execv)\uB97C \uD638\uCD9C\uD558\uB294 \uC911 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4...error.launch.sysexec=Java Web Start(SysExec)\uB97C \uD638\uCD9C\uD558\uB294 \uC911 \uC624\uB958\uAC00 \uBC1C\uC0DD\uD588\uC2B5\uB2C8\uB2E4. ..error.listener.failed=\uC2A4\uD50C\uB798\uC2DC: sysCreateListenerSocket\uC744 \uC2E4\uD328\uD588\uC2B5\uB2C8\uB2E4...error.accept.failed=\uC2A4\uD50C\uB798\uC2DC: \uC2B9\uC778\uC744 \uC2E4\uD328\uD588\uC2B5\uB2C8\uB2E4...error.r
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with very long lines (1319), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3317
                                                                                                                                                                                                Entropy (8bit):4.869662880084367
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:3c6BeKTDcUsLYg9tStwmx+supWBxKy0HgKe1u6K0NCMc6MTNTjtA7NZdlw7ZHAW:3c6fbEf1mxPuUBxKy4va+mZdlw7Z7
                                                                                                                                                                                                MD5:4078691AB22C4F0664856BE0C024A52F
                                                                                                                                                                                                SHA1:6247FC05DE429F65DC4E1356C4715DC51F43B98F
                                                                                                                                                                                                SHA-256:6869B27B12B99C9D169B3E018284BE0F7631DBDF2DDD5F4EA5B1A458736FDFDF
                                                                                                                                                                                                SHA-512:BB02765F69E23C732C790EB994800C83BB8EFE7FF8CE0BCDC475EC5A29CEF5A33A5513AB1A7DC9F0F066B807A0980C41EC0037710873A32BD2952DBED79D24CA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..# Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=erro interno, mensagem desconhecida..error.badinst.nojre=Instala\u00E7\u00E3o incorreta. Nenhum JRE encontrado no arquivo de configura\u00E7\u00E3o..error.launch.execv=Erro encontrado ao chamar Java Web Start (execv)..error.launch.sysexec=Erro encontrado ao chamar Java Web Start (SysExec) ..error.listener.failed=Tela Inicial: falha em sysCreateListenerSocket..error.accept.failed=Tela Inicial: falha na fun\u00E7\u00E3o accept..error.recv.failed=Tela Inicial: falha na fun\u00E7\u00E3o recv..error.invalid.port=Tela Inicial: n\u00E3o reativou uma porta v\u00E1lida..error.read=Ler ap\u00F3s o final do buffer..error.xmlparsing=Erro durante o parsing de XML: tipo incorreto de token encontrado..error.splash.exit=Saindo do processamento da tela inicial do Java Web .....\n..# "Last WinSock Error" means the error message
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with very long lines (1386), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3441
                                                                                                                                                                                                Entropy (8bit):4.927824210480987
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:KYD1QNsQZ/lmo8ZuLgdBGpv3JRJ/7coh91XlK7Q/vm2QAfO:9D1+sCmapce1KGm2QIO
                                                                                                                                                                                                MD5:81BBDEA4DC9803A6EB78CE7D5CA018ED
                                                                                                                                                                                                SHA1:9AAF012276AD89CE7273CF5F0BE4C95B72D906AB
                                                                                                                                                                                                SHA-256:565B8FF1F31784378884D9D7468FFDFDDA5B001ACB5BB393A5006AC19BE4E67A
                                                                                                                                                                                                SHA-512:310017DD27C91C492188737494DA04CAB241D0BF4E91326AFB4A3F98CBFF78A6C0BBC14EC7E883597E9D506FAA80BA4E9A25B5F46BFD2543850323061E829A84
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..# Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=internt fel, ok\u00E4nt meddelande..error.badinst.nojre=Felaktig installation. Ingen JRE har hittats i konfigurationsfilen..error.launch.execv=Ett fel intr\u00E4ffade under starten av Java Web Start (execv)..error.launch.sysexec=Ett fel intr\u00E4ffade under starten av Java Web Start (SysExec) ..error.listener.failed=V\u00E4lkomstsk\u00E4rm: sysCreateListenerSocket utf\u00F6rdes inte..error.accept.failed=V\u00E4lkomstsk\u00E4rm: kunde inte accepteras..error.recv.failed=V\u00E4lkomstsk\u00E4rm: kunde inte mottaga..error.invalid.port=V\u00E4lkomstsk\u00E4rm: \u00E5terskapade inte en giltig port..error.read=L\u00E4ste f\u00F6rbi slutet av bufferten..error.xmlparsing=XML-tolkningsfel: fel typ av igenk\u00E4nningstecken hittades..error.splash.exit=Java Web Start - v\u00E4lkomstsk\u00E4rmen avslutas .....\n..# "Last
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with very long lines (1857), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4104
                                                                                                                                                                                                Entropy (8bit):5.04197285715923
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:Me7R8zl0Zf4z3X4Gv2hEpeStEKADydYL1WfK0eSm91j7:1R8pOfWHJvOJT1WPtK1j7
                                                                                                                                                                                                MD5:823D1F655440C3912DD1F965A23363FC
                                                                                                                                                                                                SHA1:50B941A38B9C5F565F893E1E0824F7619F51185C
                                                                                                                                                                                                SHA-256:86663DED105B77261C0556468A93BC8666A094B918299A61AF0A8E30F42019C7
                                                                                                                                                                                                SHA-512:1EBF989D2121CF05FFC912B9B228C4D4523763EB1A689EC74568D811C88DCF11032FFC8007BB24DAF7D079B580662B77D94B4B8D71A2E891EF27979FF32CD727
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\u5185\u90E8\u9519\u8BEF, \u672A\u77E5\u6D88\u606F..error.badinst.nojre=\u9519\u8BEF\u5B89\u88C5\u3002\u914D\u7F6E\u6587\u4EF6\u4E2D\u627E\u4E0D\u5230 JRE..error.launch.execv=\u8C03\u7528 Java Web Start (execv) \u65F6\u9047\u5230\u9519\u8BEF..error.launch.sysexec=\u8C03\u7528 Java Web Start (SysExec) \u65F6\u9047\u5230\u9519\u8BEF..error.listener.failed=\u542F\u52A8\u5C4F\u5E55: sysCreateListenerSocket \u5931\u8D25..error.accept.failed=\u542F\u52A8\u5C4F\u5E55: \u63A5\u53D7\u5931\u8D25..error.recv.failed=\u542F\u52A8\u5C4F\u5E55: recv \u5931\u8D25..error.invalid.port=\u542F\u52A8\u5C4F\u5E55: \u672A\u6062\u590D\u6709\u6548\u7AEF\u53E3..error.read=\u8BFB\u53D6\u8D85\u51FA\u7F13\u51B2\u533A\u7ED3\u5C3E..error.xmlparsing=XML \u89E3\u6790\u9519\u8BEF: \u53D1\u73B0\u9519\u8BEF\u7684\u6807\u8BB0\u7C7B\u578B..error.s
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with very long lines (1729), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3784
                                                                                                                                                                                                Entropy (8bit):5.17620120701776
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:wMWzQq8x9i7zO/JOFtUtQzy+gawZFomWdYQCfQ/ydQCyA:LWzQqms7S/JDtQcJoHWQaQ/6QCH
                                                                                                                                                                                                MD5:4287D97616F708E0A258BE0141504BEB
                                                                                                                                                                                                SHA1:5D2110CABBBC0F83A89AEC60A6B37F5F5AD3163E
                                                                                                                                                                                                SHA-256:479DC754BD7BFF2C9C35D2E308B138EEF2A1A94CF4F0FC6CCD529DF02C877DC7
                                                                                                                                                                                                SHA-512:F273F8D501C5D29422257733624B5193234635BD24B444874E38D8D823D728D935B176579D5D1203451C0CE377C57ED7EB3A9CE9ADCB3BB591024C3B7EE78DCD
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#....error.internal.badmsg=\u5167\u90E8\u932F\u8AA4\uFF0C\u4E0D\u660E\u7684\u8A0A\u606F..error.badinst.nojre=\u5B89\u88DD\u932F\u8AA4\u3002\u5728\u7D44\u614B\u6A94\u4E2D\u627E\u4E0D\u5230 JRE..error.launch.execv=\u547C\u53EB Java Web Start (execv) \u6642\u9047\u5230\u932F\u8AA4..error.launch.sysexec=\u547C\u53EB Java Web Start (SysExec) \u6642\u9047\u5230\u932F\u8AA4..error.listener.failed=Splash: sysCreateListenerSocket \u5931\u6557..error.accept.failed=Splash: \u63A5\u53D7\u5931\u6557..error.recv.failed=Splash: recv \u5931\u6557..error.invalid.port=Splash: \u6709\u6548\u7684\u9023\u63A5\u57E0\u5C1A\u672A\u56DE\u5FA9..error.read=\u8B80\u53D6\u8D85\u51FA\u7DE9\u885D\u5340\u7D50\u5C3E..error.xmlparsing=XML \u5256\u6790\u932F\u8AA4: \u627E\u5230\u932F\u8AA4\u7684\u8A18\u865F\u7A2E\u985E..error.splash.exit=Java Web Start \u9583\u73FE\u87A2
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:GIF image data, version 89a, 320 x 139
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8590
                                                                                                                                                                                                Entropy (8bit):7.910688771816331
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:91m4OqvVyG+LMIcBc2qPjHmxJCCG/h97dIYhOX:9/OqdivcqzjH3tfDE
                                                                                                                                                                                                MD5:249053609EAF5B17DDD42149FC24C469
                                                                                                                                                                                                SHA1:20E7AEC75F6D036D504277542E507EB7DC24AAE8
                                                                                                                                                                                                SHA-256:113B01304EBBF3CC729A5CA3452DDA2093BD8B3DDC2BA29E5E1C1605661F90BE
                                                                                                                                                                                                SHA-512:9C04A20E2FA70E4BCFAC729E366A0802F6F5167EA49475C2157C8E2741C4E4B8452D14C75F67906359C12F1514F9FB7E9AF8E736392AC8434F0A5811F7DDE0CB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:GIF image data, version 89a, 640 x 278
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15276
                                                                                                                                                                                                Entropy (8bit):7.949850025334252
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:GIF image data, version 89a, 320 x 139
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):7805
                                                                                                                                                                                                Entropy (8bit):7.877495465139721
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:GIF image data, version 89a, 640 x 278
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):12250
                                                                                                                                                                                                Entropy (8bit):7.901446927123525
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):187736
                                                                                                                                                                                                Entropy (8bit):7.79606817499301
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):187727
                                                                                                                                                                                                Entropy (8bit):7.7958934328326075
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3860522
                                                                                                                                                                                                Entropy (8bit):7.9670916513081735
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8286
                                                                                                                                                                                                Entropy (8bit):7.790619326925194
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):44516
                                                                                                                                                                                                Entropy (8bit):7.905075370162141
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):18192143
                                                                                                                                                                                                Entropy (8bit):5.977388717447885
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:49152:ZxJ9lXlkEhZWLyyQSgxv1/FGfnIWkRXe2p0F7tjRozGfVgMS55pU13JbL5xli3d6:ZhLk2bBSgnFGfnhAXLzAeylvi3dGT
                                                                                                                                                                                                MD5:042B3675517D6A637B95014523B1FD7D
                                                                                                                                                                                                SHA1:82161CAF5F0A4112686E4889A9E207C7BA62A880
                                                                                                                                                                                                SHA-256:A570F20F8410F9B1B7E093957BF0AE53CAE4731AFAEA624339AA2A897A635F22
                                                                                                                                                                                                SHA-512:7672D0B50A92E854D3BD3724D01084CC10A90678B768E9A627BAF761993E56A0C6C62C19155649FE9A8CEEABF845D86CBBB606554872AE789018A8B66E5A2B35
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:PK...........H................META-INF/....PK...........H..>.g...g.......META-INF/MANIFEST.MFManifest-Version: 1.0..Ant-Version: Apache Ant 1.8.2..Created-By: 1.8.0_40-b27 (Oracle Corporation)....PK..........H................com/PK..........H................com/sun/PK........j..H................com/sun/deploy/PK........j..H................com/sun/deploy/uitoolkit/PK........j..H................com/sun/deploy/uitoolkit/impl/PK...........H............!...com/sun/deploy/uitoolkit/impl/fx/PK...........H............$...com/sun/deploy/uitoolkit/impl/fx/ui/PK...........H................com/sun/deploy/uitoolkit/impl/fx/ui/resources/PK...........H............4...com/sun/deploy/uitoolkit/impl/fx/ui/resources/image/PK........}..H................com/sun/glass/PK...........H................com/sun/glass/events/PK...........H................com/sun/glass/ui/PK...........H................com/sun/glass/ui/delegate/PK...........H................com/sun/glass/ui/win/PK..........H................com/su
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1178848
                                                                                                                                                                                                Entropy (8bit):7.964832897711047
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:qLvFVMHxMyEg7+dYmx0nqEdgq2C942bjAHcOveMdDLtHHicwqJM5SznKMWKdk/H2:cF9rYmxQ5tOcOdFwqSYzn0DfYHs4jOBK
                                                                                                                                                                                                MD5:24857AD811CEDA70BD0F087FD28B5B6E
                                                                                                                                                                                                SHA1:707305EB10B1464D40BDEABADE77B80B984A621A
                                                                                                                                                                                                SHA-256:321D646AD29A5B180CA98BB49E81C2C732523B7E5145A3C568766CEC06B2B1CD
                                                                                                                                                                                                SHA-512:A10A340BDB2DE2D0D14ED804F04313D1D4CBD64EF0513A9E54B7FA95FFB05F2123C9095A4B2BFFA4DDF3ADEA9A67E978D26D115A8F5677AE1BD0EE67C416FA5A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1511
                                                                                                                                                                                                Entropy (8bit):5.142622776492157
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:EV677x6CFRf08P86xX+4jz98ht4QLlJVzDOFw5DOFFVzDOFvVzDOFz5qlV/FRARV:EE796OfT0OZjzGs6lDitfitigXFqX6Kp
                                                                                                                                                                                                MD5:77ABE2551C7A5931B70F78962AC5A3C7
                                                                                                                                                                                                SHA1:A8BB53A505D7002DEF70C7A8788B9A2EA8A1D7BC
                                                                                                                                                                                                SHA-256:C557F0C9053301703798E01DC0F65E290B0AE69075FB49FCC0E68C14B21D87F4
                                                                                                                                                                                                SHA-512:9FE671380335804D4416E26C1E00CDED200687DB484F770EBBDB8631A9C769F0A449C661CB38F49C41463E822BEB5248E69FD63562C3D8C508154C5D64421935
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:% VERSION 2..% WARNING: this file is auto-generated; do not edit..% UNSUPPORTED: this file and its format may change and/or..% may be removed in a future release..! access-bridge-32.jar..com/sun/java/accessibility/..! access-bridge.jar..com/sun/java/accessibility/..! cldrdata.jar..sun/text..sun/util..# dnsns.jar..META-INF/services/sun.net.spi.nameservice.NameServiceDescriptor..sun/net..! jaccess.jar..com/sun/java/accessibility/..# localedata.jar..sun/text..sun/util..# nashorn.jar..jdk/nashorn..META-INF/services/javax.script.ScriptEngineFactory..jdk/internal..# sunec.jar..sun/security..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# sunjce_provider.jar..com/sun/crypto/..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# sunmscapi.jar..sun/security..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# sunpkcs11.jar..sun/security..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# zipfs.jar..META-INF/services/java.nio.file.spi.FileSystemProvider..com/sun/nio/..# jfxrt.jar..META-INF/INDEX.LIST..com/sun
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2018860
                                                                                                                                                                                                Entropy (8bit):7.9328569913001905
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:49152:fBkB7GOrPDSz0fHaIU1KDWtHkLs0amlyYu:fBkoOruSHa/4y/FmA
                                                                                                                                                                                                MD5:F3E3E7769994C69DFF6E35EF938443CA
                                                                                                                                                                                                SHA1:758F42C0A03121AD980DC98BE82DCAF790679E79
                                                                                                                                                                                                SHA-256:CF0268FF39D19876BD42BF59E2CE93BB9AA57E5EE98C212BAE0184BD87F2D35A
                                                                                                                                                                                                SHA-512:AB4801E8538B9B84124D2B8C36E64232F16DA686C5FA565C5DE2091C910806A850464F5CCC79C9320DF6F8CB943633FC38FEA63F9E0593A44E3541F15F126951
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):39771
                                                                                                                                                                                                Entropy (8bit):7.92713480980539
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:ah0EOq/w9b3jpSo40ROLB2CUrQbNVkJBtw6pcZWztpQeA4Uz7NWnZVNB3gX083/z:aJOyw9b3joo4hLB2CUr2yBw6pcMtpS44
                                                                                                                                                                                                MD5:A269905BBB9F7D02BAA24A756E7B09D7
                                                                                                                                                                                                SHA1:82A0F9C5CBC2B79BDB6CFE80487691E232B26F9C
                                                                                                                                                                                                SHA-256:E2787698D746DC25C24D3BE0FA751CEA6267F68B4E972CFC3DF4B4EAC8046245
                                                                                                                                                                                                SHA-512:496841CF49E2BF4EB146632F7D1F09EFA8F38AE99B93081AF4297A7D8412B444B9F066358F0C110D33FEA6AE60458355271D8FDCD9854C02EFB2023AF5F661F6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):279427
                                                                                                                                                                                                Entropy (8bit):7.90277234368113
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:E/Ieog0SgEOU8pqHbQpr16jWun5bT1aReAaTFMzpx2Xcpll+PrA3YaRBlLi:E/m9eJsppCLJTURe9TFMrQ0fkUK
                                                                                                                                                                                                MD5:B04074A9FC78DC1409168E1E2D139647
                                                                                                                                                                                                SHA1:54182C904A48364FC572E3A2631DF14823C29CEF
                                                                                                                                                                                                SHA-256:BFAD3FB11E7115AAF34719488551BF3205B2FAFFB38681C7F6BDAD19BB7568C2
                                                                                                                                                                                                SHA-512:E97CA3D53E867E957BF467688F83C53B2FD6FF1EA001B19F03A23096581DC8ADCEC7C1403D164D063B1A437E4BF6FA98E1543626849D4E17E31156CB012F9599
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):32699
                                                                                                                                                                                                Entropy (8bit):7.878192531974338
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:iLy1giOqjU0jNVmOTuDQJD/RpAczsikFfg0y+7aBTS73dyPoXvvKv2PtvHubyKhi:i4giOaU0jNVmOCADZpVsiUf3yua5S7t7
                                                                                                                                                                                                MD5:2249EAC4F859C7BC578AFD2F7B771249
                                                                                                                                                                                                SHA1:76BA0E08C6B3DF9FB1551F00189323DAC8FC818C
                                                                                                                                                                                                SHA-256:A0719CAE8271F918C8613FEB92A7591D0A6E7D04266F62144B2EAB7844D00C75
                                                                                                                                                                                                SHA-512:DB5415BC542F4910166163F9BA34BC33AF1D114A73D852B143B2C3E28F59270827006693D6DF460523E26516CAB351D2EE3F944D715AE86CD12D926D09F92454
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):250826
                                                                                                                                                                                                Entropy (8bit):7.951088517189604
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:dKtThM4XbBG7v3jUAbE0MEIynrI25ENN/kv1Pv:dKphM4X1G7PjlbE0MxHLbC
                                                                                                                                                                                                MD5:2E33D8F1FBEB9239C6FFC0D36DE772D1
                                                                                                                                                                                                SHA1:3F881E3B34693A96CD3D9E20D6AEABAE98757359
                                                                                                                                                                                                SHA-256:938C497E97E893D0B9325522475AD9FB2C365A4AF832ED180B570C3E4E6FD559
                                                                                                                                                                                                SHA-512:DB9A5B0F269BBFC9CB712D8BF170414D649CD72F0DEECCDC3A4D742430E2E29E203F7E462D2DF8F9EC2C82723A8A56FF8FD409CDCBE66547C798B15370B8DB65
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):68923
                                                                                                                                                                                                Entropy (8bit):7.950933538093809
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:YNSe2yN5DbD630l1MIeEfqjGWb2LU2j6rnbisZp/u:Ne2yNhDVl1leEP/qn2sZk
                                                                                                                                                                                                MD5:4D507E8D7BBF5ECEC8791CBA57B1CE17
                                                                                                                                                                                                SHA1:A66C0D4648A06B9078252D090D596C91C591AA50
                                                                                                                                                                                                SHA-256:C3993DF765AFF1068A656B28A7A4EDFFE7710AE3B6AA2EA056A6F9C3EDBDC210
                                                                                                                                                                                                SHA-512:21B4E729B16947B31657DC5F7F5C75DCDA9F94B4A0ED414E11A6D02951137AC266D605855DDDA7C21BE0200EA07530962D1ECE2FAE009EAE5F2A1A365195C995
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4005
                                                                                                                                                                                                Entropy (8bit):4.909684349537555
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:5Th0S7zmtRUioj/DUXBZZjM8mcWoe+YfVktH:5h0Iz6Uioj/YXLZjnmdoeDktH
                                                                                                                                                                                                MD5:B0CE9F297D3FEC6325C0C784072908F1
                                                                                                                                                                                                SHA1:DD778A0E5417B9B97187215FFC66D4C14F95FEF0
                                                                                                                                                                                                SHA-256:6DA00C1CBE02909DCD6A75DA51D25DBF49BFD1D779C0B8E57B12E757229FC4A8
                                                                                                                                                                                                SHA-512:4C774BCB9ADE996569C86DD46B3BDB046771AD1BCF9AABB9DB86854C83E18015CBE5DF73DA86EE98E26BA0393F548B1CC09DE60BDA4248EACC4FC833E23B8AB4
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..# This properties file is used to initialize the default..# java.awt.datatransfer.SystemFlavorMap. It contains the Win32 platform-..# specific, default mappings between common Win32 Clipboard atoms and platform-..# independent MIME type strings, which will be converted into..# java.awt.datatransfer.DataFlavors...#..# These default mappings may be augmented by specifying the..#..# AWT.DnD.flavorMapFileURL ..#..# property in the appropriate awt.properties file. The specified properties URL..# will be loaded into the SystemFlavorMap...#..# The standard format is:..#..# <native>=<MIME type>..#..# <native> should be a string identifier that the native platform will..# recognize as a valid data format. <MIME type> should specify both a MIME..# primary type and a MIME subtype separated by a '/'. The MIME type may include..# parameters, where each parameter is a key/value pair separated by '=', and..# where each parameter to the MIME type is separated by a ';'...#..# Because SystemFla
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:raw G3 (Group 3) FAX
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3670
                                                                                                                                                                                                Entropy (8bit):4.40570512634857
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:IRsY7hGbXWvaBKvKY5csW4BxciETBT5Bxrws+LW/B56JF:At/vaBKvKY5fxci8jMWY
                                                                                                                                                                                                MD5:E0E5428560288E685DBFFC0D2776D4A6
                                                                                                                                                                                                SHA1:2AE70624762C163C8A1533F724AA5A511D8B208E
                                                                                                                                                                                                SHA-256:AAE23ACC42F217A63D675F930D077939765B97E9C528B5659842515CA975111F
                                                                                                                                                                                                SHA-512:C726CC2898399579AFA70ACACE86BEC4369D4541112243E51721568B4D25DCC6C66FA64AC475AFF9BA9DE07A630B24A9F221FA00426AD36845203BA809219E3C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10779
                                                                                                                                                                                                Entropy (8bit):5.217016051711063
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:Pj2TlKg7RzPc/mOHUFN5HX/rS8QbWZjjfVpMbtxp8lcR9NN:Pj6Y8NcFzXbWZjj9pSMlcz
                                                                                                                                                                                                MD5:0C1DB7410938A3634BD9928BA2F284CB
                                                                                                                                                                                                SHA1:7EE31F22136E73A2A3D0AAB279199778BAAB06F5
                                                                                                                                                                                                SHA-256:818A718788E5506EBB84F26DE82B6C60E08861876400E9ED3931346174D5D7FB
                                                                                                                                                                                                SHA-512:EE267E59564A077713856A307382D40D0D8DF8E7EC2EF930723B076F5E38446D3B2600D10AC192262F9A3A86D9973CF13A9E90D180818C05A6C7896A5BD7AD19
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..# ..# Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....# Version....version=1....# Component Font Mappings....allfonts.chinese-ms936=SimSun..allfonts.chinese-ms936-extb=SimSun-ExtB..allfonts.chinese-gb18030=SimSun-18030..allfonts.chinese-gb18030-extb=SimSun-ExtB..allfonts.chinese-hkscs=MingLiU_HKSCS..allfonts.chinese-ms950-extb=MingLiU-ExtB..allfonts.devanagari=Mangal..allfonts.dingbats=Wingdings..allfonts.lucida=Lucida Sans Regular..allfonts.symbol=Symbol..allfonts.thai=Lucida Sans Regular..allfonts.georgian=Sylfaen....serif.plain.alphabetic=Times New Roman..serif.plain.chinese-ms950=MingLiU..serif.plain.chinese-ms950-extb=MingLiU-ExtB..serif.plain.hebrew=David..serif.plain.japanese=MS Mincho..serif.plain.korean=Batang....serif.bold.alphabetic=Times New Roman Bold..serif.bold.chinese-ms950=PMingLiU..serif.bold.chinese-ms9
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc. Pat. Des 289,422.Lucida BrightDemiboldLucida Bright Dem
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):75144
                                                                                                                                                                                                Entropy (8bit):6.849420541001734
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:H8Jwt1GIlZ6l0/9tRWhc0x/YxvsTjyIDXCrGU/tlDaKAgKrTLznvzDJIZmjFA0zG:Mwtze9xQcQ/LDaKAgK3LLvzFogbFt5WD
                                                                                                                                                                                                MD5:AF0C5C24EF340AEA5CCAC002177E5C09
                                                                                                                                                                                                SHA1:B5C97F985639E19A3B712193EE48B55DDA581FD1
                                                                                                                                                                                                SHA-256:72CEE3E6DF72AD577AF49C59DCA2D0541060F95A881845950595E5614C486244
                                                                                                                                                                                                SHA-512:6CE87441E223543394B7242AC0CB63505888B503EC071BBF7DB857B5C935B855719B818090305E17C1197DE882CCC90612FB1E0A0E5D2731F264C663EB8DA3F9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc.Lucida BrightDemibold ItalicLucida Bright Demibold Itali
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):75124
                                                                                                                                                                                                Entropy (8bit):6.805969666701276
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:lww80sTGzcKHwxWL0T+qHi/sbA06PoNORsr5sOnD0OyuusGa7bs4J:lwL0i97WL0T+qHA9cOR05FD0Oyup74w
                                                                                                                                                                                                MD5:793AE1AB32085C8DE36541BB6B30DA7C
                                                                                                                                                                                                SHA1:1FD1F757FEBF3E5F5FBB7FBF7A56587A40D57DE7
                                                                                                                                                                                                SHA-256:895C5262CDB6297C13725515F849ED70609DBD7C49974A382E8BBFE4A3D75F8C
                                                                                                                                                                                                SHA-512:A92ADDD0163F6D81C3AEABD63FF5C293E71A323F4AEDFB404F6F1CDE7F84C2A995A30DFEC84A9CAF8FFAF8E274EDD0D7822E6AABB2B0608696A360CABFC866C6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc. Pat. Des 289,773.Lucida BrightItalicLucida Bright Itali
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):80856
                                                                                                                                                                                                Entropy (8bit):6.821405620058844
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:jw9ESkPFybxWj1V7zbPUoOPjp85rFqXpLboVklDNTc2Wt:jwZO0xWPTU7l85rFYpLbott
                                                                                                                                                                                                MD5:4D666869C97CDB9E1381A393FFE50A3A
                                                                                                                                                                                                SHA1:AA5C037865C563726ECD63D61CA26443589BE425
                                                                                                                                                                                                SHA-256:D68819A70B60FF68CA945EF5AD358C31829E43EC25024A99D17174C626575E06
                                                                                                                                                                                                SHA-512:1D1F61E371E4A667C90C2CE315024AE6168E47FE8A5C02244DBF3DF26E8AC79F2355AC7E36D4A81D82C52149197892DAED1B4C19241575256BB4541F8B126AE2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:TrueType Font data, 15 tables, 1st "LTSH", 16 names, Macintosh, Copyright (c) 2000 Bigelow & Holmes Inc. Pat. Des 289,421.Lucida BrightRegularLucida Bright Regu
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):344908
                                                                                                                                                                                                Entropy (8bit):6.939775499317555
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:oBfQeUG2CCTufrmOufymM8hvFHp277tS9iZFYSATxNm:oNQ3vCCTcaFNJw7tSgYS82
                                                                                                                                                                                                MD5:630A6FA16C414F3DE6110E46717AAD53
                                                                                                                                                                                                SHA1:5D7ED564791C900A8786936930BA99385653139C
                                                                                                                                                                                                SHA-256:0FAAACA3C730857D3E50FBA1BBAD4CA2330ADD217B35E22B7E67F02809FAC923
                                                                                                                                                                                                SHA-512:0B7CDE0FACE982B5867AEBFB92918404ADAC7FB351A9D47DCD9FE86C441CACA4DD4EC22E36B61025092220C0A8730D292DA31E9CAFD7808C56CDBF34ECD05035
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:TrueType Font data, 15 tables, 1st "LTSH", 19 names, Macintosh, Copyright (c) 1999, 2001 by Bigelow & Holmes Inc. Pat. Des. 289,420.Lucida SansDemiboldLucida Sa
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):317896
                                                                                                                                                                                                Entropy (8bit):6.869598480468745
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:R5OO1ZjNDE7/MsTJ30otegK4zJwz3UhG5jXsrg2HLzYv7cf0R7o7+WX/ov2DG:bOO11CEo9xzJwljXsrhHQ7cMuX/16
                                                                                                                                                                                                MD5:5DD099908B722236AA0C0047C56E5AF2
                                                                                                                                                                                                SHA1:92B79FEFC35E96190250C602A8FED85276B32A95
                                                                                                                                                                                                SHA-256:53773357D739F89BC10087AB2A829BA057649784A9ACBFFEE18A488B2DCCB9EE
                                                                                                                                                                                                SHA-512:440534EB2076004BEA66CF9AC2CE2B37C10FBF5CC5E0DD8B8A8EDEA25E3613CE8A59FFCB2500F60528BBF871FF37F1D0A3C60396BC740CCDB4324177C38BE97A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:TrueType Font data, 18 tables, 1st "GDEF", 19 names, Macintosh, Copyright (c) 1999 by Bigelow & Holmes Inc. Pat. Des. 289,420.Lucida SansRegularLucida Sans Regu
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):698236
                                                                                                                                                                                                Entropy (8bit):6.892888039120645
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:6obn11t7t7DxT+3+OQ64cctiOAq12ZX/DmfT6R83Sd8uvx7wSnyER4ky+SH/KPKQ:6oTJZzHniOAZ783Sd8uvx7wSnyER4kyI
                                                                                                                                                                                                MD5:B75309B925371B38997DF1B25C1EA508
                                                                                                                                                                                                SHA1:39CC8BCB8D4A71D4657FC92EF0B9F4E3E9E67ADD
                                                                                                                                                                                                SHA-256:F8D877B0B64600E736DFE436753E8E11ACB022E59B5D7723D7D221D81DC2FCDE
                                                                                                                                                                                                SHA-512:9C792EF3116833C90103F27CFD26A175AB1EB11286959F77062893A2E15DE44D79B27E5C47694CBBA734CC05A9A5BEFA72E991C7D60EAB1495AAC14C5CAD901D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:TrueType Font data, 13 tables, 1st "OS/2", 16 names, Macintosh, Copyright (c) 1999, 2001 by Bigelow & Holmes Inc.Lucida Sans TypewriterBoldLucida Sans Typewrite
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):234068
                                                                                                                                                                                                Entropy (8bit):6.901545053424004
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:3BPS7w5KIMtYwqcO3GbA4MJcs2ME9UGQ2n9gM/oD:xVMtgcGGPMJcs4b9gM/4
                                                                                                                                                                                                MD5:A0C96AA334F1AEAA799773DB3E6CBA9C
                                                                                                                                                                                                SHA1:A5DA2EB49448F461470387C939F0E69119310E0B
                                                                                                                                                                                                SHA-256:FC908259013B90F1CBC597A510C6DD7855BF9E7830ABE3FC3612AB4092EDCDE2
                                                                                                                                                                                                SHA-512:A43CF773A42B4CEBF4170A6C94060EA2602D2D7FA7F6500F69758A20DC5CC3ED1793C7CEB9B44CE8640721CA919D2EF7F9568C5AF58BA6E3CF88EAE19A95E796
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:TrueType Font data, 13 tables, 1st "OS/2", 16 names, Macintosh, Copyright (c) 1999 by Bigelow & Holmes Inc.Lucida Sans TypewriterRegularLucida Sans Typewriter R
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):242700
                                                                                                                                                                                                Entropy (8bit):6.936925430880877
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:VwzZsJcCrn271g+UGFDUnrrHqMyBtlc3+fzx5R1zeqZdDgfSkecUfEDpEXzSyPMx:GWcCrn2C46Ak+naqaucYEDpEX3gZoO9
                                                                                                                                                                                                MD5:C1397E8D6E6ABCD727C71FCA2132E218
                                                                                                                                                                                                SHA1:C144DCAFE4FAF2E79CFD74D8134A631F30234DB1
                                                                                                                                                                                                SHA-256:D9D0AAB0354C3856DF81AFAC49BDC586E930A77428CB499007DDE99ED31152FF
                                                                                                                                                                                                SHA-512:DA70826793C7023E61F272D37E2CC2983449F26926746605C550E9D614ACBF618F73D03D0C6351B9537703B05007CD822E42E6DC74423CB5CC736B31458D33B1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14331
                                                                                                                                                                                                Entropy (8bit):3.512673497574481
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:W6Zh/3dzz8XIrN2r1CdaqRWtHwBWgvw0Jy/ArUsJzu0HI:W6jhGIwxCdaqWQBWgvw0JyorBJzu0o
                                                                                                                                                                                                MD5:6E378235FB49F30C9580686BA8A787AA
                                                                                                                                                                                                SHA1:2FC76D9D615A35244133FC01AB7381BA49B0B149
                                                                                                                                                                                                SHA-256:B4A0C0A98624C48A801D8EA071EC4A3D582826AC9637478814591BC6EA259D4A
                                                                                                                                                                                                SHA-512:58558A1F8D9D3D6F0E21B1269313FD6AC9A80A93CC093A5E8CDEC495855FCD2FC95A6B54FE59E714E89D9274654BB9C1CD887B3FB9D4B9D9C50E5C5983C571B8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..# This properties file defines a Hijrah calendar variant...#..# Fields:..#..# <version> ::= 'version' '=' <version string>..# <id> ::= 'id' '=' <id string>..# <type> ::= 'type' '=' <type string>..# <iso-start> ::= 'iso-start' '=' <start date in the ISO calendar>..# <year> ::= <yyyy> '=' <nn nn nn nn nn nn nn nn nn nn nn nn>..#..# version ... (Required)..#..# id ... (Required)..# Identifies the Java Chronology..#..# type ... (Required)..# Identifies the type of calendar in the standard calendar ID scheme..# iso-start ... (Required)..# Specifies the corresponding ISO date to the first Hijrah day..# in the defined range of dates..#..# year ... (Required)..# Number of days for each month of a Hijrah year..# * Each line defines a ye
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):657
                                                                                                                                                                                                Entropy (8bit):4.993355967240905
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:QcwmIzDpneoeoeoeoeoeoeoeoeoeoeoeoeoeoeoeoeoeoeoe9B7aEiwoXH3Eoe4Q:QhDpemaoXHIB5foMS1JUqf07f
                                                                                                                                                                                                MD5:9FD47C1A487B79A12E90E7506469477B
                                                                                                                                                                                                SHA1:7814DF0FF2EA1827C75DCD73844CA7F025998CC6
                                                                                                                                                                                                SHA-256:A73AEA3074360CF62ADEDC0C82BC9C0C36C6A777C70DA6C544D0FBA7B2D8529E
                                                                                                                                                                                                SHA-512:97B9D4C68AC4B534F86EFA9AF947763EE61AEE6086581D96CBF7B3DBD6FD5D9DB4B4D16772DCE6F347B44085CEF8A6EA3BFD3B84FBD9D4EF763CEF39255FBCE3
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..# List of JVMs that can be used as an option to java, javac, etc...# Order is important -- first in this list is the default JVM...# NOTE that this both this file and its format are UNSUPPORTED and..# WILL GO AWAY in a future release...#..# You may also select a JVM in an arbitrary location with the..# "-XXaltjvm=<jvm_dir>" option, but that too is unsupported..# and may not be available in a future release...#..-client KNOWN..-server KNOWN..
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1320
                                                                                                                                                                                                Entropy (8bit):5.02145006262851
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:n3lG0Bf4dJ0qEAmG620WKG0WBph8T2AGjGg0kz8lrbfOi7:3E0Bf4qrzrlWzy+ckUfP
                                                                                                                                                                                                MD5:01B94C63BD5E6D094E84FF3AD640FFBF
                                                                                                                                                                                                SHA1:5570F355456250B1EC902375B0257584DB2360AE
                                                                                                                                                                                                SHA-256:52845DEB58038B4375C30B75DD2053726872758C96597C7CC5D6CEF11F42A2BA
                                                                                                                                                                                                SHA-512:816BE2271CF3ECF10EE40E24A288CE302B2810010BEF76EFC0CE5746591955921B70F19005335F485D61A7B216DCCE0B06750831720DD426D07709154D5FAC7A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..#..# Cursors Properties file..#..# Names GIF89 sources for Custom Cursors and their associated HotSpots..#..# Note: the syntax of the property name is significant and is parsed..# by java.awt.Cursor..#..# The syntax is: Cursor.<name>.<geom>.File=win32_<filename>..# Cursor.<name>.<geom>.HotSpot=<x>,<y>..#. Cursor.<name>.<geom>.Name=<localized name>..#..Cursor.CopyDrop.32x32.File=win32_CopyDrop32x32.gif..Cursor.CopyDrop.32x32.HotSpot=0,0..Cursor.CopyDrop.32x32.Name=CopyDrop32x32..#..Cursor.MoveDrop.32x32.File=win32_MoveDrop32x32.gif..Cursor.MoveDrop.32x32.HotSpot=0,0..Cursor.MoveDrop.32x32.Name=MoveDrop32x32..#..Cursor.LinkDrop.32x32.File=win32_LinkDrop32x32.gif..Cursor.LinkDrop.32x32.HotSpot=0,0..Cursor.LinkDrop.32x32.Name=LinkDrop32x32..#..Cursor.CopyNoDrop.32x32.File=win32_CopyNoDrop32x32.gif..Cursor.CopyNoDrop.32x32.HotSpot=6,2..Cursor.CopyNoDrop.32x32.Name=CopyNoDrop32x32..#..Cursor.MoveNoDrop.32x32.File=win32_MoveNoDrop32x32.gif..Cursor.MoveNoDrop.32x32.Ho
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):153
                                                                                                                                                                                                Entropy (8bit):6.2813106319833665
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                                                                                                                                MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                                                                                                                                SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                                                                                                                                SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                                                                                                                                SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:GIF image data, version 89a, 31 x 32
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):165
                                                                                                                                                                                                Entropy (8bit):6.347455736310776
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:CruuU/XExlHrBwM7Qt/wCvTjh2Azr8ptBNKtWwUzJ7Ful5u44JyYChWn:KP0URwMcx3UAzADBNwUlBul5TLYMWn
                                                                                                                                                                                                MD5:89CDF623E11AAF0407328FD3ADA32C07
                                                                                                                                                                                                SHA1:AE813939F9A52E7B59927F531CE8757636FF8082
                                                                                                                                                                                                SHA-256:13C783ACD580DF27207DABCCB10B3F0C14674560A23943AC7233DF7F72D4E49D
                                                                                                                                                                                                SHA-512:2A35311D7DB5466697D7284DE75BABEE9BD0F0E2B20543332FCB6813F06DEBF2457A9C0CF569449C37F371BFEB0D81FB0D219E82B9A77ACC6BAFA07499EAC2F7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:GIF89a.. ................!.......,...... ...vL...-....F....o.U.8J..'J.....3...a...."...")..=fPHS......h.Zc.KDj........k.-mF.. V..9'......f.T....w.xW.B.....P..;
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):153
                                                                                                                                                                                                Entropy (8bit):6.2813106319833665
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                                                                                                                                MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                                                                                                                                SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                                                                                                                                SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                                                                                                                                SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:GIF89a . ................!.......,.... . ...j.?...o..T....._]-..9.`..D...f........^...n.`.%C......<..E..S&QL.....n+...R....'|N...."U........(8HXhx.X..;
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:GIF image data, version 89a, 31 x 32
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):168
                                                                                                                                                                                                Entropy (8bit):6.465243369905675
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:CruuU/XExlHrZauowM7Qt/wCvTjh2Azr8ptBNKtWwUzJZmQYRNbC1MIQvEn:KP0UpawMcx3UAzADBNwUlZaCzn
                                                                                                                                                                                                MD5:694A59EFDE0648F49FA448A46C4D8948
                                                                                                                                                                                                SHA1:4B3843CBD4F112A90D112A37957684C843D68E83
                                                                                                                                                                                                SHA-256:485CBE5C5144CFCD13CC6D701CDAB96E4A6F8660CBC70A0A58F1B7916BE64198
                                                                                                                                                                                                SHA-512:CF2DFD500AF64B63CC080151BC5B9DE59EDB99F0E31676056CF1AFBC9D6E2E5AF18DC40E393E043BBBBCB26F42D425AF71CCE6D283E838E67E61D826ED6ECD27
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:GIF89a.. ................!.......,...... ...yL...-....F....o.U.8J..'J.....3...a...."...")..=fPHS......h.Zc.KDj........k.-mF.6.'.....`1]......u.Q.r.V..C......f.P..;
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):153
                                                                                                                                                                                                Entropy (8bit):6.2813106319833665
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                                                                                                                                MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                                                                                                                                SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                                                                                                                                SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                                                                                                                                SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:GIF89a . ................!.......,.... . ...j.?...o..T....._]-..9.`..D...f........^...n.`.%C......<..E..S&QL.....n+...R....'|N...."U........(8HXhx.X..;
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:GIF image data, version 89a, 31 x 32
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):147
                                                                                                                                                                                                Entropy (8bit):6.147949937659802
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:CruuU/XExlHrSauZKwM7Qt/wCvTjh2Azr8ptBNKtWXOh6WoXt2W:KP0UvEKwMcx3UAzADBNXOh6h9p
                                                                                                                                                                                                MD5:CC8DD9AB7DDF6EFA2F3B8BCFA31115C0
                                                                                                                                                                                                SHA1:1333F489AC0506D7DC98656A515FEEB6E87E27F9
                                                                                                                                                                                                SHA-256:12CFCE05229DBA939CE13375D65CA7D303CE87851AE15539C02F11D1DC824338
                                                                                                                                                                                                SHA-512:9857B329ACD0DB45EA8C16E945B4CFA6DF9445A1EF457E4B8B40740720E8C658301FC3AB8BDD242B7697A65AE1436FD444F1968BD29DA6A89725CDDE1DE387B8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:GIF89a.. ................!.......,...... ...dL...-....F....o.U.8J..'J.....3...a...."...")..=fPHS......h.Zc.KDj.....-.kj..m.....X,&.......S..;
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:GIF image data, version 89a, 32 x 32
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):153
                                                                                                                                                                                                Entropy (8bit):6.2813106319833665
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:Csl7X/7/xlXlLaFGkDPF4V0Pee1F/sjtH5ybOCb1C3sxlWn:NljDjkFHF4V0Peene15tutsn
                                                                                                                                                                                                MD5:1E9D8F133A442DA6B0C74D49BC84A341
                                                                                                                                                                                                SHA1:259EDC45B4569427E8319895A444F4295D54348F
                                                                                                                                                                                                SHA-256:1A1D3079D49583837662B84E11D8C0870698511D9110E710EB8E7EB20DF7AE3B
                                                                                                                                                                                                SHA-512:63D6F70C8CAB9735F0F857F5BF99E319F6AE98238DC7829DD706B7D6855C70BE206E32E3E55DF884402483CF8BEBAD00D139283AF5C0B85DC1C5BF8F253ACD37
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:GIF89a . ................!.......,.... . ...j.?...o..T....._]-..9.`..D...f........^...n.`.%C......<..E..S&QL.....n+...R....'|N...."U........(8HXhx.X..;
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):58
                                                                                                                                                                                                Entropy (8bit):4.4779965120705425
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:CEBqRM9LTAGQdLV6ETEBqRM9LHQIuHPy:CEAsnAbLlszQdy
                                                                                                                                                                                                MD5:3C2B9CCAAD3D986E5874E8C0F82C37CF
                                                                                                                                                                                                SHA1:D1DDA4A2D5D37249C8878437DBF36C6AE61C33D1
                                                                                                                                                                                                SHA-256:D5BCD7D43E383D33B904CFF6C80ACE359DBE2CE2796E51E9743358BD650E4198
                                                                                                                                                                                                SHA-512:4350CCA847D214479C6AE430EB71EE98A220EA10EC175D0AB317A8B43ABC9B4054E41D0FF383F26D593DE825F761FB93704E37292831900F31E5E38167A41BAB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:javafx.runtime.version=8.0.101..javafx.runtime.build=b13..
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):476286
                                                                                                                                                                                                Entropy (8bit):7.905283162751186
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:k4VtaECp5plmgYhuWvHuR9Ta/+Aw7okxygk+W:kUChlHYHMaHw7XxW
                                                                                                                                                                                                MD5:5D8C1723F3005BD63DBA2B478CE15621
                                                                                                                                                                                                SHA1:AB26A6167789DCF81A0C40D121DC91005804C703
                                                                                                                                                                                                SHA-256:B637B78CFC33C92D4838D5FABFD0647CE03C3EF69D86EF6A7E6F229510AAF3B5
                                                                                                                                                                                                SHA-512:9830CCDFE913A492BB4E0015EE3E729BEA8EC1F22EDF48ED7CE2AEFD5376DF24F33948B9155E31EDFA9BC240544406FD2C43A34DD1366E4936B3318D3CA5ED1C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:PK...........H................META-INF/....PK...........H...7Z...e.......META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.C.q,HL.HU...%...y...R.KRSt.*...L....u....4....sR......K..5y.x..PK...........H................com/PK...........H................com/sun/PK...........H................com/sun/javaws/PK...........H................com/sun/javaws/exceptions/PK...........H................com/sun/javaws/jnl/PK...........H................com/sun/javaws/net/PK...........H................com/sun/javaws/net/protocol/PK...........H............ ...com/sun/javaws/net/protocol/jar/PK...........H................com/sun/javaws/progress/PK...........H................com/sun/javaws/security/PK...........H................com/sun/javaws/ui/PK...........H................com/sun/javaws/util/PK...........H................com/sun/jnlp/PK...........H................javax/PK...........H................javax/jnlp/PK...........H~p4=........#...com/sun/javaws/BrowserSupport.class.RMO.1.}...].H @.|.|(...P..B.....
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):114950
                                                                                                                                                                                                Entropy (8bit):7.912507028584016
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:5sNJO+ylt6se6sgU0w/XzGYWuSy15DudYLSfaxwpt5g1naZEqwoJ8sYcF+z/VSG8:aj8GHXZSy1pudYLdQe1ATtKVS+ws9O
                                                                                                                                                                                                MD5:A39F61D6ED2585519D7AF1E2EA029F59
                                                                                                                                                                                                SHA1:52515AC6DEAB634F3495FD724DEA643EE442B8FD
                                                                                                                                                                                                SHA-256:60724D9E372FBE42759349A06D3426380CA2B9162FA01EB2C3587A58A34AD7E0
                                                                                                                                                                                                SHA-512:AC2E9AB749F5365BE0FB8EBD321E8F231D22EAE396053745F047FCBCCF8D3DE2F737D3C37A52C715ADDFBDBD18F14809E8B37B382B018B58A76E063EFBA96948
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):560553
                                                                                                                                                                                                Entropy (8bit):5.781566946934384
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:G5l+qU67FYWg+YWgYWeoXqgYSq8eh2f/m5NwaHkSIJHvWQ6Q7ooMcgH5lY7TQ5cD:G5l+qU67FYWg+YWgYWeoXqgYSq8eh2f3
                                                                                                                                                                                                MD5:CCB395235C35C3ACBA592B21138CC6AB
                                                                                                                                                                                                SHA1:29C463AA4780F13E77FB08CC151F68CA2B2958D5
                                                                                                                                                                                                SHA-256:27AD8EA5192EE2D91BA7A0EACE9843CB19F5E145259466158C2F48C971EB7B8F
                                                                                                                                                                                                SHA-512:D4C330741387F62DD6E52B41167CB11ABD8615675FE7E1C14AE05A52F87A348CBC64B56866AE313B2906B33CE98BE73681F769A4A54F6FE9A7D056F88CF9A4E1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:PK........t..H................META-INF/....PK........t..H.s0>...>.......META-INF/MANIFEST.MFManifest-Version: 1.0..Implementation-Vendor: Oracle Corporation..Implementation-Title: Java Runtime Environment..Implementation-Version: 1.8.0_101..Specification-Vendor: Oracle Corporation..Created-By: 1.7.0_07 (Oracle Corporation)..Specification-Title: Java Platform API Specification..Specification-Version: 1.8....PK...........HB.<>^...^...8...com/oracle/jrockit/jfr/client/EventSettingsBuilder.class.......4....5.f..g....f..4.h..4.i..j....f..4.k..l....m..4.n..o....f..4.p..q..r....f....s....t....u....v..w..x..y....z..{....|....}....~.................................#.........................)...................................................eventDefaultSets...Ljava/util/ArrayList;...Signature..DLjava/util/ArrayList<Loracle/jrockit/jfr/settings/EventDefaultSet;>;...settings..ALjava/util/ArrayList<Loracle/jrockit/jfr/settings/EventSetting;>;...eventDescriptorType..2Loracle/jrockit/jfr/openmbean/
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):20670
                                                                                                                                                                                                Entropy (8bit):4.627043889535612
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:VOMjUVCEM0Ut0ZINFWbqsZSwOVzx8xyxxxbAJ1muS7khPdyPsXZd2ZhptEgReW82:VONVTVgF9SsTMLA
                                                                                                                                                                                                MD5:47495DA4E7B3AF33F5C3ED1E35AC25AE
                                                                                                                                                                                                SHA1:F6DE88A4C6AE0C14B9F875FB4BC4721A104CB0EE
                                                                                                                                                                                                SHA-256:37D19EAC73DEEB613FBB539AE7E7C99339939EB3EFEC44E9EB45F68426E9F159
                                                                                                                                                                                                SHA-512:74DBEB118575B8881D5B43270EF878162DBDC222AC6D20F04699B2B733427347ABC76D6E82BF7728FCC435129B114E4C75D011FC5DDDEAF5A59E137BBC81F2B9
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8"?>.... .. Recommended way to edit .jfc files is to use Java Mission Control,.. see Window -> Flight Recorder Template Manager...-->....<configuration version="1.0" name="Continuous" description="Low overhead configuration safe for continuous use in production environments, typically less than 1 % overhead." provider="Oracle">.... <producer uri="http://www.oracle.com/hotspot/jvm/" label="Oracle JDK">.... <control>.... .. Contents of the control element is not read by the JVM, it's used.. by Java Mission Control to change settings that carry the control attribute... -->.... <selection name="gc-level" default="detailed" label="Garbage Collector">.. <option label="Off" name="off">off</option>.. <option label="Normal" name="detailed">normal</option>.. <option label="All" name="all">all</option>.. </selection>.... <condition name="gc-enabled-normal" true="true" false="fals
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):20626
                                                                                                                                                                                                Entropy (8bit):4.626761353117893
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:VeMjUECOwMsUt0ZINFWbqeZSwOVza8ayaxabAJ1duSikhPdyPsXZd2ZhptEgReWL:VeNEg/gF/ZnixLy
                                                                                                                                                                                                MD5:5480BEF2CA99090857E5CBF225C12A78
                                                                                                                                                                                                SHA1:E1F73CA807EC14941656FBE3DB6E5E5D9032041D
                                                                                                                                                                                                SHA-256:5FB0982C99D6BF258335FB43AAAE91919804C573DFD87B51E05C54ADB3C0392B
                                                                                                                                                                                                SHA-512:65FE0D6DA17E62CF29875910EB84D57BC5BB667C753369B4F810028C0995E63C322FAD2EB99658B6C19E11E8D2A40CB11B3C09943EB9C0B88F45626579ECE058
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="UTF-8"?>.... .. Recommended way to edit .jfc files is to use Java Mission Control,.. see Window -> Flight Recorder Template Manager...-->....<configuration version="1.0" name="Profiling" description="Low overhead configuration for profiling, typically around 2 % overhead." provider="Oracle">.... <producer uri="http://www.oracle.com/hotspot/jvm/" label="Oracle JDK">.... <control>.... .. Contents of the control element is not read by the JVM, it's used.. by Java Mission Control to change settings that carry the control attribute... -->.... <selection name="gc-level" default="detailed" label="Garbage Collector">.. <option label="Off" name="off">off</option>.. <option label="Normal" name="detailed">normal</option>.. <option label="All" name="all">all</option>.. </selection>.... <condition name="gc-enabled-normal" true="true" false="false">.. <or>.. <test name="
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):33932
                                                                                                                                                                                                Entropy (8bit):7.930702746433849
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:xYJfTGikW6VajSe/SA5vN9kqizE48ojVxQYuW+t:xY5TpkK/nFNIzptjVxYHt
                                                                                                                                                                                                MD5:C401E00A5DE0DD9723885CEF9E2F5A44
                                                                                                                                                                                                SHA1:B6735B93811517F062A20869D8A0B57FAEFF6A90
                                                                                                                                                                                                SHA-256:C6574F4763696F2A83028DE143D9ED1C975062BA2D44CC5C91558751FB84BCD6
                                                                                                                                                                                                SHA-512:595B950AD5BFF930654BF7FB996BA222D19B4F175821AB0FD6EC4F54D4B7D62B37757429051D1302BC438AB76350B4CD0A07BA712CAECC79DCDB0C60494B5AB2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:PK...........H................META-INF/....PK...........H.E..Z...g.......META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.C.q,HL.HU...%-..x...R.KRSt.*A.-...M.t....4....sR......K..5y.x..PK...........H................javafx/PK...........H................javafx/embed/PK...........H................javafx/embed/swt/PK...........Hj...........%...javafx/embed/swt/CustomTransfer.class.T[S.F.=.MX(..!............8..`h.d....." yd..........4....%..k.N..ka.83..[.....|+...........#.OD..1...1.1.S1....*>..I..TL.....Y..*.S.q.-KAja..6.M.Y7V|.v...e............+...u...Z.....Z......k...O.v.....x..f...M.v...~I....j.N.(.R.... ..n.%).l:.N..,J...-.%.os:.v.K..V.._p.u.l..e...S5...^.....3+.Yy.h.RtGR..y.)..~...g..R.;5K...{.G.*..X.JP....D....8..[3.g...'d.e#Z.|c.j.t..F.w..t.W.j.,K[q.^..E.=M.a..6d.Z..yV.....=..........:.WG.............RA.<......qT...,*.=.....t\......(aI.2.....!..Jp.,..<.x..n.S....N.K.e.W....N.-..`....hmQ.E.fGE..$..n...4I{.......l_.)......?.Z>...t
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):633957
                                                                                                                                                                                                Entropy (8bit):6.018176262975427
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:ABoQeW0HKwYGORU+ehqEmke1WEAibVR0GPs4j8GgflXhuuMAjYDTj:Uo40WGdNmpb3DP75
                                                                                                                                                                                                MD5:FD1434C81219C385F30B07E33CEF9F30
                                                                                                                                                                                                SHA1:0B5EE897864C8605EF69F66DFE1E15729CFCBC59
                                                                                                                                                                                                SHA-256:BC3A736E08E68ACE28C68B0621DCCFB76C1063BD28D7BD8FCE7B20E7B7526CC5
                                                                                                                                                                                                SHA-512:9A778A3843744F1FABAD960AA22880D37C30B1CAB29E123170D853C9469DC54A81E81A9070E1DE1BF63BA527C332BB2B1F1D872907F3BDCE33A6898A02FEF22D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:PK........u..H................META-INF/....PK........u..H.s0>...>.......META-INF/MANIFEST.MFManifest-Version: 1.0..Implementation-Vendor: Oracle Corporation..Implementation-Title: Java Runtime Environment..Implementation-Version: 1.8.0_101..Specification-Vendor: Oracle Corporation..Created-By: 1.7.0_07 (Oracle Corporation)..Specification-Title: Java Platform API Specification..Specification-Version: 1.8....PK...........H....E...E...+...com/sun/net/ssl/internal/ssl/Provider.class.......4...............................serialVersionUID...J...ConstantValue.,..c".J-...<init>...()V...Code...LineNumberTable...(Ljava/security/Provider;)V...(Ljava/lang/String;)V...isFIPS...()Z...install...SourceFile...Provider.java......................%com/sun/net/ssl/internal/ssl/Provider...sun/security/ssl/SunJSSE.1.......................................!........*...................)...*............."........*+......................./............."........*+...................3...4.)........................
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Algol 68 source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4312
                                                                                                                                                                                                Entropy (8bit):4.756104846669624
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:6VprYJmprYJD9Y3t3qFKPG7hLxVJgdTsfbFfcwQoPv:6HrsursD9Y3t36KPG7HyoBQoX
                                                                                                                                                                                                MD5:AD91D69A4129D31D72FBE288FF967943
                                                                                                                                                                                                SHA1:CB510AFCDBECEA3538C3F841C0440194573DBB65
                                                                                                                                                                                                SHA-256:235A50D958FAEDDE808D071705A6D603F97611F568EEC40D7444984B984A4B18
                                                                                                                                                                                                SHA-512:600BEE4676D26E2CE5B9171582540021509A4D7888C9C7BADC14F0FAD07007E4CE2B4C007A8EB15BD0D977722B8B34442012EA972FFBD72797475A56CDFD86EE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:Copyright (c) 2003, 2005, Oracle and/or its affiliates. All rights reserved.....Redistribution and use in source and binary forms, with or without..modification, are permitted provided that the following conditions..are met:.... - Redistributions of source code must retain the above copyright.. notice, this list of conditions and the following disclaimer..... - Redistributions in binary form must reproduce the above copyright.. notice, this list of conditions and the following disclaimer in the.. documentation and/or other materials provided with the distribution..... - Neither the name of Oracle nor the names of its.. contributors may be used to endorse or promote products derived.. from this software without specific prior written permission.....THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS..IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,..THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR..PURP
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2514
                                                                                                                                                                                                Entropy (8bit):4.525846572478507
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:/GXieQT8cg6ZGBjn4stbaWUwO61xFMxO9:OXieW8nBjn4x613Mw9
                                                                                                                                                                                                MD5:0AA5D5EFDB4F2B92BEBBEB4160AA808B
                                                                                                                                                                                                SHA1:C6F1B311A4D0790AF8C16C1CA9599D043BA99E90
                                                                                                                                                                                                SHA-256:A3148336160EA7EF451052D1F435F7C9D96EEB738105AC730358EDADA5BD45A2
                                                                                                                                                                                                SHA-512:A52C2B784CF0B01A2AF3066F4BB8E7FD890A86CFD82359A22266341942A25333D4C63BA2C02AA43ADE872357FC9C8BBC60D311B2AF2AD2634D60377A2294AFDD
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:############################################################..# .Default Logging Configuration File..#..# You can use a different file by specifying a filename..# with the java.util.logging.config.file system property. ..# For example java -Djava.util.logging.config.file=myfile..############################################################....############################################################..# .Global properties..############################################################....# "handlers" specifies a comma separated list of log Handler ..# classes. These handlers will be installed during VM startup...# Note that these classes must be on the system classpath...# By default we only configure a ConsoleHandler, which will only..# show messages at the INFO and above levels...handlers= java.util.logging.ConsoleHandler....# To also add the FileHandler, use the following line instead...#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler....# Default global
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):381
                                                                                                                                                                                                Entropy (8bit):4.99308306420453
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6:5ji0B4r/Rjiszbdy/oocj+sqX2K5YZ5/CUMQxxi6m4xijgxmzbdGh/4:5ji0GJjiIq1cCvXPA/CUMQxoeocx2K/4
                                                                                                                                                                                                MD5:B608D45DCDD7A4CAD6A63A89A002F683
                                                                                                                                                                                                SHA1:F6E3BB7050C3B1A3BED9B33122C4A98E6B9A810D
                                                                                                                                                                                                SHA-256:52CA96531445B437DCA524CB3714FCD8D70221D37A6B9C80F816713C3040DD0A
                                                                                                                                                                                                SHA-512:407E7CA807826F0E41B085BCA0F54F0134E3B9AC16FA5480EDE02774067DAD46AA07D225BA2981DEC2A7297EA57721EAB8C54E8BED83D352EC6C00ABFDBBF626
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:PK........t..H................META-INF/......PK..............PK........t..H................META-INF/MANIFEST.MF.M..LK-...K-*...R0.3..r.JM,IM.u.........+h..%&.*8.....%...k.r9....:.$..[).....&.%....E..r.\.E....y...r..PK.....k.......PK..........t..H..............................META-INF/....PK..........t..H...k.....................=...META-INF/MANIFEST.MFPK..........}.........
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4077
                                                                                                                                                                                                Entropy (8bit):4.472483528668558
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:eii7cSoFKfgCe/D4dtQN+wvohSoVGPbPvRZUIpeDMy:eiiISokfXeEk+wQhnMPbnRZR7y
                                                                                                                                                                                                MD5:41B36D832BE39A3CF0F3D7760E55FDCB
                                                                                                                                                                                                SHA1:E706E9BE75604A13DFCC5A96B1720A544D76348B
                                                                                                                                                                                                SHA-256:71A930CBE577CBABB4269650C98D227F739E0D4B9C0B44830DD3D52F5015BE1F
                                                                                                                                                                                                SHA-512:41E6B8639C1CEB3D09D2FDEEEBA89FFA17C4ED8B1AD0DF1E5AB46C4BF178688D5504DC5A3C854226F7DA23DFA0EDAB0D035D6B56495829F43AAA2A7BABEC4273
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:######################################################################..# Default Access Control File for Remote JMX(TM) Monitoring..######################################################################..#..# Access control file for Remote JMX API access to monitoring...# This file defines the allowed access for different roles. The..# password file (jmxremote.password by default) defines the roles and their..# passwords. To be functional, a role must have an entry in..# both the password and the access files...#..# The default location of this file is $JRE/lib/management/jmxremote.access..# You can specify an alternate location by specifying a property in ..# the management config file $JRE/lib/management/management.properties..# (See that file for details)..#..# The file format for password and access files is syntactically the same..# as the Properties file format. The syntax is described in the Javadoc..# for java.util.Properties.load...# A typical access file has multiple
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2920
                                                                                                                                                                                                Entropy (8bit):4.545881645777106
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:MRSflLrmpop7JN/PgP8KAeoYsnZyhNMVJKWfVStEqwP0pba:Mkv7ngUZYsnRnfYdhE
                                                                                                                                                                                                MD5:5DD28AAF5A06C946DF7B223F33482FDF
                                                                                                                                                                                                SHA1:D09118D402CA3BA625B165ECACE863466D7F4CE9
                                                                                                                                                                                                SHA-256:24674176A4C0E5EEFB9285691764EA06585D90BBDAF5BF40C4220DE7CA3E3175
                                                                                                                                                                                                SHA-512:13C6F37E969A5AECE2B2F938FA8EBF6A72C0C173678A026E77C35871E4AE89404585FB1A3516AE2CA336FC47EAB1F3DD2009123ADBA9C437CD76BA654401CBDF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# ----------------------------------------------------------------------..# Template for jmxremote.password..#..# o Copy this template to jmxremote.password..# o Set the user/password entries in jmxremote.password..# o Change the permission of jmxremote.password to read-only..# by the owner...#..# See below for the location of jmxremote.password file...# ----------------------------------------------------------------------....##############################################################..# Password File for Remote JMX Monitoring..##############################################################..#..# Password file for Remote JMX API access to monitoring. This..# file defines the different roles and their passwords. The access..# control file (jmxremote.access by default) defines the allowed..# access for each role. To be functional, a role must have an entry..# in both the password and the access files...#..# Default location of this file is $JRE/lib/management/jmx
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):14415
                                                                                                                                                                                                Entropy (8bit):4.623139916889837
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:PLrOKIXaIr8Jzc90OEqfmdbHHHN6pDIdpgzri:PLrOKIXaIgYiOE0mdbHHHNGD4p0+
                                                                                                                                                                                                MD5:054E093240388F0322604619EF643F18
                                                                                                                                                                                                SHA1:6E110C2A5D813013E9C57700BE8B0D17896E950C
                                                                                                                                                                                                SHA-256:BF41D73EAB0DA8222FE24255E1BBF68327FB02B1A4F1E7A81B9C7B539033FFB2
                                                                                                                                                                                                SHA-512:BD60C6271CDEFFFF4563E6E2CF97C176D86F160092D1FFCBE7EEFE714BA75DDC5FB4E848A5FDBE7A1D1510720D92AF6A176A76DE2CC599F27E4BEAE8E692C5D3
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#####################################################################..#.Default Configuration File for Java Platform Management..#####################################################################..#..# The Management Configuration file (in java.util.Properties format)..# will be read if one of the following system properties is set:..# -Dcom.sun.management.jmxremote.port=<port-number>..# or -Dcom.sun.management.snmp.port=<port-number>..# or -Dcom.sun.management.config.file=<this-file>..#..# The default Management Configuration file is:..#..# $JRE/lib/management/management.properties..#..# Another location for the Management Configuration File can be specified..# by the following property on the Java command line:..#..# -Dcom.sun.management.config.file=<this-file>..#..# If -Dcom.sun.management.config.file=<this-file> is set, the port..# number for the management agent can be specified in the config file..# using the following lines:..#..# ################ Management Agen
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3486
                                                                                                                                                                                                Entropy (8bit):4.4357861198752975
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:MlXHR6+76EX0o8KA0Esns+ek2OrRC9AUE4T7AKQi2r8BKS3GpPsDu0cpUxJAJKk3:M9HRb7l0FAEsnJKmS32X00h
                                                                                                                                                                                                MD5:9D9EC1BB9E357BBFB72B077E4AF5F63F
                                                                                                                                                                                                SHA1:6484B03DBE9687216429D3A6F916773C060E15CE
                                                                                                                                                                                                SHA-256:8B02A29BC61B0F7203DF7CA94140F80D2C6A1138064E0441DFD621CF243A0339
                                                                                                                                                                                                SHA-512:5FE39BBFCA806CE45871A6223D80FA731EFAA5D31C3B97EE055AB77EAF3833342945F39E9858335D9DD358B4B7F984FFADE741452E19B60B8E510AA74AC02C00
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:# ----------------------------------------------------------------------..# Template for SNMP Access Control List File..#..# o Copy this template to snmp.acl..# o Set access control for SNMP support..# o Change the permission of snmp.acl to be read-only..# by the owner...#..# See below for the location of snmp.acl file...# ----------------------------------------------------------------------....############################################################..# SNMP Access Control List File ..############################################################..#..# Default location of this file is $JRE/lib/management/snmp.acl...# You can specify an alternate location by specifying a property in ..# the management config file $JRE/lib/management/management.properties..# or by specifying a system property (See that file for details)...#......##############################################################..# File permissions of the snmp.acl file..######################
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2126
                                                                                                                                                                                                Entropy (8bit):4.970874214349507
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:EE796OfeCiuG2M5tP5iMmC5KOAY2HQii+r4IzteKk:EnEiuGJbP5lmC5KOA3HQii+EIz8Kk
                                                                                                                                                                                                MD5:91AA6EA7320140F30379F758D626E59D
                                                                                                                                                                                                SHA1:3BE2FEBE28723B1033CCDAA110EAF59BBD6D1F96
                                                                                                                                                                                                SHA-256:4AF21954CDF398D1EAE795B6886CA2581DAC9F2F1D41C98C6ED9B5DBC3E3C1D4
                                                                                                                                                                                                SHA-512:03428803F1D644D89EB4C0DCBDEA93ACAAC366D35FC1356CCABF83473F4FEF7924EDB771E44C721103CEC22D94A179F092D1BFD1C0A62130F076EB82A826D7CB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:% VERSION 2..% WARNING: this file is auto-generated; do not edit..% UNSUPPORTED: this file and its format may change and/or..% may be removed in a future release..# charsets.jar..sun/nio..sun/awt..# jce.jar..javax/crypto..sun/security..META-INF/ORACLE_J.RSA..META-INF/ORACLE_J.SF..# jfr.jar..oracle/jrockit/..jdk/jfr..com/oracle/jrockit/..! jsse.jar..sun/security..com/sun/net/..! management-agent.jar..@ resources.jar..com/sun/java/util/jar/pack/..META-INF/services/sun.util.spi.XmlPropertiesProvider..META-INF/services/javax.print.PrintServiceLookup..com/sun/corba/..META-INF/services/javax.sound.midi.spi.SoundbankReader..sun/print..META-INF/services/javax.sound.midi.spi.MidiFileReader..META-INF/services/sun.java2d.cmm.CMMServiceProvider..javax/swing..META-INF/services/javax.sound.sampled.spi.AudioFileReader..META-INF/services/javax.sound.midi.spi.MidiDeviceProvider..sun/net..META-INF/services/javax.sound.sampled.spi.AudioFileWriter..com/sun/imageio/..META-INF/services/sun.java2d.pipe.Ren
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3144
                                                                                                                                                                                                Entropy (8bit):4.858724831876285
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:VBnTRxiW1nTbXMROXX6zcjd6vEzcoZDTzcj8L0zccfbb6wB:VBnvisPMQ6z+zPVzv0zVfvT
                                                                                                                                                                                                MD5:1CBB261944925044B1EE119DC0563D05
                                                                                                                                                                                                SHA1:05F2F63047F4D82F37DFA59153309E53CAA4675C
                                                                                                                                                                                                SHA-256:5BAF75BDD504B2C80FF5B98F929A16B04E9CB06AA8AAE30C144B5B40FEBE0906
                                                                                                                                                                                                SHA-512:C964A92BE25BACF11D20B61365930CAB28517D164D9AE4997651E2B715AA65628E45FA4BD236CCD507C65E5D85A470FD165F207F446186D22AE4BD46A04006E6
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:############################################################..# .Default Networking Configuration File..#..# This file may contain default values for the networking system properties...# These values are only used when the system properties are not specified..# on the command line or set programatically...# For now, only the various proxy settings can be configured here...############################################################....# Whether or not the DefaultProxySelector will default to System Proxy..# settings when they do exist...# Set it to 'true' to enable this feature and check for platform..# specific proxy settings..# Note that the system properties that do explicitely set proxies..# (like http.proxyHost) do take precedence over the system settings..# even if java.net.useSystemProxies is set to true... ..java.net.useSystemProxies=false....#------------------------------------------------------------------------..# Proxy configuration for the various protocol handlers...# D
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1012097
                                                                                                                                                                                                Entropy (8bit):7.896417877823185
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:q7jNpf26MPAMSL/wxSz2ijt2eejo+oV3vv:6NVZEaL4xSljt2eHNV3
                                                                                                                                                                                                MD5:54EF6C22FAAAE5850091031763078D37
                                                                                                                                                                                                SHA1:11D40B78BB606E245CB5E17C6DDB08193A34B40E
                                                                                                                                                                                                SHA-256:654B033B1DC315EB9806F0D35ABAF3F25064AC806292ACB2BD818F6B2DF2AD07
                                                                                                                                                                                                SHA-512:10998B6508D5571E1ECE2001C6E561169D3DBD7580A3DE439067D1195FBE85E6BD1729A0874E306234391AF963E1B062050276E1AC0E9C9FA289711738B41B31
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2915
                                                                                                                                                                                                Entropy (8bit):5.2172692442941075
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:GgQv18IsTJvuUdEt6u7KeblbhGwQEvzZIE+i+WEi+Iq4fNSg2kv:Gb6Xha1hFGwQEvdh+5g2kv
                                                                                                                                                                                                MD5:A38587427E422D55B012FA3E5C9436D2
                                                                                                                                                                                                SHA1:7BD1B81B39DA78124BE045507E0681E860921DBB
                                                                                                                                                                                                SHA-256:D2C47DE948033ED836B375CCD518CF55333FE11C4CED56BC1CE2FF62114CF546
                                                                                                                                                                                                SHA-512:EA6CA975E9308ED2B3BBCCE91EE61142DAB0067CE8F17CB469929F6136E6B4A968BAC838141D8B38866F9EF5E15E156400859CCCC84FB114214E19556F0DC636
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..#..# Copyright (c) 1996, 2000, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....#..#.Japanese PostScript printer property file..#..font.num=16..#..serif=serif..timesroman=serif..sansserif=sansserif..helvetica=sansserif..monospaced=monospaced..courier=monospaced..dialog=sansserif..dialoginput=monospaced..#..serif.latin1.plain=Times-Roman..serif.latin1.italic=Times-Italic..serif.latin1.bolditalic=Times-BoldItalic..serif.latin1.bold=Times-Bold..#..sansserif.latin1.plain=Helvetica..sansserif.latin1.italic=Helvetica-Oblique..sansserif.latin1.bolditalic=Helvetica-BoldOblique..sansserif.latin1.bold=Helvetica-Bold..#..monospaced.latin1.plain=Courier..monospaced.latin1.italic=Courier-Oblique..monospaced.latin1.bolditalic=Courier-BoldOblique..monospaced.latin1.bold=Courier-Bold..#..serif.x11jis0208.plain=Ryumin-Light-H..serif.x11jis0208.italic=Ryumin-Light-H
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):10716
                                                                                                                                                                                                Entropy (8bit):5.016037435830914
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:Jp22HdiEUEdWUcPeJ7fbdHmcbiLMWNDyZcy57ha1xh3qvfRdIdyJkW:u2HdiEUEdGY1gbD9TKdIdyJkW
                                                                                                                                                                                                MD5:66B3E6770C291FE8CD3240FFBB00DC47
                                                                                                                                                                                                SHA1:88CE9D723A2D4A07FD2032A8B4A742FE323EEC8F
                                                                                                                                                                                                SHA-256:7EA6E05D3B8B51D03C3D6548E709C220541DF0F1AEE2E69B9101C9F051F7C17A
                                                                                                                                                                                                SHA-512:D1B99AA011568AFFA415758C986B427588AE87FE5EB7FC52D519F7167AD46BBFF8B62799F14D8DBC7C55DEB6FF7259445D6E8882CC781D61206ED1B79B688745
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..#..# Copyright (c) 1999, Oracle and/or its affiliates. All rights reserved...# ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms...#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#..#....#..#.PostScript printer property file for Java 2D printing...#..# WARNING: This is an internal implementation file, not a public file...# Any customisation or reliance on the existence of this file and its..# contents or syntax is discouraged and unsupported...# It may be incompatibly changed or removed without any notice...#..#..font.num=35..#..# Legacy logical font family names and logical font aliases should all..# map to the primary logical font names...#..serif=serif..times=serif..timesroman=serif..sansserif=sansserif..helvetica=sansserif..dialog=sansserif..dialoginput=monospaced..monospaced=monospaced..courier=monospaced..#..# Next, physical fonts which can be safely mapped to standard postscript fonts..# These keys generally map to a value which is the same as the key, so
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3490933
                                                                                                                                                                                                Entropy (8bit):6.067002853185717
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:49152:WX4zfeUcKDQ1toKXiO3fLxqhH3YRazQwIK7XgnyRMvMtMm55HopLKbtJzUkMkOBV:GL
                                                                                                                                                                                                MD5:9A084B91667E7437574236CD27B7C688
                                                                                                                                                                                                SHA1:D8926CC4AA12D6FE9ABE64C8C3CB8BC0F594C5B1
                                                                                                                                                                                                SHA-256:A1366A75454FC0F1CA5A14EA03B4927BB8584D6D5B402DFA453122AE16DBF22D
                                                                                                                                                                                                SHA-512:D603AA29E1F6EEFFF4B15C7EBC8A0FA18E090D2E1147D56FD80581C7404EE1CB9D6972FCF2BD0CB24926B3AF4DFC5BE9BCE1FE018681F22A38ADAA278BF22D73
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:PK...........H................META-INF/....PK...........H.s0>...>.......META-INF/MANIFEST.MFManifest-Version: 1.0..Implementation-Vendor: Oracle Corporation..Implementation-Title: Java Runtime Environment..Implementation-Version: 1.8.0_101..Specification-Vendor: Oracle Corporation..Created-By: 1.7.0_07 (Oracle Corporation)..Specification-Title: Java Platform API Specification..Specification-Version: 1.8....PK...........H....$...$.......META-INF/mailcap.default#.# This is a very simple 'mailcap' file.#.image/gif;;..x-java-view=com.sun.activation.viewers.ImageViewer.image/jpeg;;..x-java-view=com.sun.activation.viewers.ImageViewer.text/*;;..x-java-view=com.sun.activation.viewers.TextViewer.text/*;;..x-java-edit=com.sun.activation.viewers.TextEditor.PK...........H..{~2...2.......META-INF/mimetypes.default#.# A simple, old format, mime.types file.#.text/html..html htm HTML HTM.text/plain..txt text TXT TEXT.image/gif..gif GIF.image/ief..ief.image/jpeg..jpeg jpg jpe JPG.image/tiff..tiff tif.
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):63602929
                                                                                                                                                                                                Entropy (8bit):5.963369315504544
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:786432:WyfysbZyGp7g85KKwcl0HeJgyll3LTjjA:F0GZTjjA
                                                                                                                                                                                                MD5:EDB5B5B3EF4565E4E86BFFE647FB1AA2
                                                                                                                                                                                                SHA1:11F5B1B2D729309059B1BD1FE2922251D9451D5F
                                                                                                                                                                                                SHA-256:D00351BD39DE7DBF9E9FDBB9EE1FD82189189F9BC82E988B58E1E950D1D4BDC8
                                                                                                                                                                                                SHA-512:05E7F9ED915610B70664EB7CB68F3F0BBA5BD5CF208BBDB54007DA5FF6311A6DDBBF057E0DF5A346C9042333C29E5C766B2C0A686628F8655C2E75061A9179C1
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:PK...........H................META-INF/....PK...........H.5.%...%.......META-INF/MANIFEST.MFManifest-Version: 1.0..Implementation-Vendor: Oracle Corporation..Implementation-Title: Java Runtime Environment..Implementation-Version: 1.8.0_101..Specification-Vendor: Oracle Corporation..Created-By: 1.7.0_07 (Oracle Corporation)..Specification-Title: Java Platform API Specification..Specification-Version: 1.8....Name: javax/swing/JCheckBoxMenuItem.class..Java-Bean: True....Name: javax/swing/JDialog.class..Java-Bean: True....Name: javax/swing/JSlider.class..Java-Bean: True....Name: javax/swing/JTextField.class..Java-Bean: True....Name: javax/swing/JTextPane.class..Java-Bean: True....Name: javax/swing/JTextArea.class..Java-Bean: True....Name: javax/swing/JList.class..Java-Bean: True....Name: javax/swing/JFormattedTextField.class..Java-Bean: True....Name: javax/swing/JApplet.class..Java-Bean: True....Name: javax/swing/JSpinner.class..Java-Bean: True....Name: javax/swing/JLabel.class..Java-Bean
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3026
                                                                                                                                                                                                Entropy (8bit):7.48902128028383
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:48:9JJweDY2LXQ4lAAldrou1YgH767KWajaHpwrHZt0H9BRJgfHilVVt2+HZ:PCcY26Iou1YgHqK3WJGeHn8fH4VVttHZ
                                                                                                                                                                                                MD5:EE4ED9C75A1AAA04DFD192382C57900C
                                                                                                                                                                                                SHA1:7D69EA3B385BC067738520F1B5C549E1084BE285
                                                                                                                                                                                                SHA-256:90012F900CF749A0E52A0775966EF575D390AD46388C49D512838983A554A870
                                                                                                                                                                                                SHA-512:EAE6A23D2FD7002A55465844E662D7A5E3ED5A6A8BAF7317897E59A92A4B806DD26F2A19B7C05984745050B4FE3FFA30646A19C0F08451440E415F958204137C
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):4149
                                                                                                                                                                                                Entropy (8bit):5.816047466650347
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:ubCHVyxwEyPEtpuVFWny6NnXjekkMDV6kiPVNXvNhtfx5e6NgyufTMBwtBsv5XHs:ubCHVyxwEyPEtpuV8ny6NnX6kkMDV6kL
                                                                                                                                                                                                MD5:3F5DC1D941E8356CCD04454AC0A7A7D2
                                                                                                                                                                                                SHA1:3698F9AFD870C7959E2D8A0DA0A97B4475554831
                                                                                                                                                                                                SHA-256:C48D57D64ED98F8F174A4F6873F536AE03B41A63F67079D7C2F7140950A1C02E
                                                                                                                                                                                                SHA-512:65319A4EF150884F7E67C6F96085A996C9B32DCF9A539C4EB7AF77B1B46CDD90F1E83446F33DA14467EA37D0628C9411323F5C3D3CEFCF03CBDFA186EEB2BD3C
                                                                                                                                                                                                Malicious:false
Preview:# JNLPAppletLauncher applet-launcher.jar..
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1273
                                                                                                                                                                                                Entropy (8bit):4.167014768533289
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:NPwGDO0uFVW0mSDEYMZ9HWYZj4bJCC8lCEQqkvZq1n4v3CYe:NPrDJuF4oMyYZj4h8lCENq2+e
                                                                                                                                                                                                MD5:BBEBCF13680E71EC2EE562524DA02660
                                                                                                                                                                                                SHA1:C5C005C29A80493F5C31CD7EB629AC1B9C752404
                                                                                                                                                                                                SHA-256:1FBEA394E634630894CF72DE02DF1846F32F3BB2067B3CB596700E4DD923F4B5
                                                                                                                                                                                                SHA-512:B686236EEE055C97A96F5E31A2EE7CE57EED04C2175235CEB19F9F56ABFD22DB6FDCADE8C5D4BA7B656D69E923A1C5844C06DC959A4A915E215FB0ACE377B114
                                                                                                                                                                                                Malicious:false
Preview:Algorithm=SHA-256..
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Java KeyStore
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):112860
                                                                                                                                                                                                Entropy (8bit):7.58405956263152
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:knYlyRHbLD1Syx011lYcdSmjbDKuaG8QlpzHok0SeHX:knYlyRHrq5dbeO9pLD0SiX
                                                                                                                                                                                                MD5:A2C167C8E0F275B234CB2C2E943781C7
                                                                                                                                                                                                SHA1:2A6B5FBC476EA3A5DDFB4BF1F6CDF0C4DA843BB1
                                                                                                                                                                                                SHA-256:A9263831583DFD58BC3584AA0B13E6CDE43403FB82093329B47BB65A8C701AFB
                                                                                                                                                                                                SHA-512:8A0C2240C603210AE963C6A126D19BF51659FDED2228503BBF2A2662CCB73B0F9E18C020C9E5E2F3449E2F4F0006D68FE15C8FD5D91DEE8A1A6B42A49183BEAA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2515
                                                                                                                                                                                                Entropy (8bit):4.490054643169131
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24:nWjF29ShnQUQH2Hvh4ic1mo6wv1PdOpGLSYLHoQLZQ/1rJ+fSA:n+4AQWxc1tgAFH
                                                                                                                                                                                                MD5:EC90FD04C2890584A16EB24664050C2A
                                                                                                                                                                                                SHA1:C7FE062EAC95909EC6A5EA93F42DDA5E023AD82C
                                                                                                                                                                                                SHA-256:CED51E3926E6B0CFEC8ECAB3B15D296FDCFAE4D32046224814AAAB5FD0FED9C0
                                                                                                                                                                                                SHA-512:8DA494925B3B5AAE69A30A8B5F9732E64EDBAE39C968229D112185E349C410A0F5D1B281A4E44718E0120E910820B15CA878B2ED1CF905DFC6595F1BA34B85D3
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:..// Standard extensions get all permissions by default....grant codeBase "file:${{java.ext.dirs}}/*" {.. permission java.security.AllPermission;..};....// default permissions granted to all domains....grant {.. // Allows any thread to stop itself using the java.lang.Thread.stop().. // method that takes no argument... // Note that this permission is granted by default only to remain.. // backwards compatible... // It is strongly recommended that you either remove this permission.. // from this policy file or further restrict it to code sources.. // that you specify, because Thread.stop() is potentially unsafe... // See the API specification of java.lang.Thread.stop() for more.. // information... permission java.lang.RuntimePermission "stopThread";.... // allows anyone to listen on dynamic ports.. permission java.net.SocketPermission "localhost:0", "listen";.... // "standard" properies that
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):27033
                                                                                                                                                                                                Entropy (8bit):4.840685151784295
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:rmLHAEcqrlANbwbqL1AdLAHaPw2kqUTWip+fzIz:rWQaYFqUTWip0kz
                                                                                                                                                                                                MD5:409C132FE4EA4ABE9E5EB5A48A385B61
                                                                                                                                                                                                SHA1:446D68298BE43EB657934552D656FA9AE240F2A2
                                                                                                                                                                                                SHA-256:4D9E5A12B8CAC8B36ECD88468B1C4018BC83C97EB467141901F90358D146A583
                                                                                                                                                                                                SHA-512:7FED286AC9AED03E2DAE24C3864EDBBF812B65965C7173CC56CE622179EB5F872F77116275E96E1D52D1C58D3CDEBE4E82B540B968E95D5DA656AA74AD17400D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..# This is the "master security properties file"...#..# An alternate java.security properties file may be specified..# from the command line via the system property..#..# -Djava.security.properties=<URL>..#..# This properties file appends to the master security properties file...# If both properties files specify values for the same key, the value..# from the command-line properties file is selected, as it is the last..# one loaded...#..# Also, if you specify..#..# -Djava.security.properties==<URL> (2 equals),..#..# then that properties file completely overrides the master security..# properties file...#..# To disable the ability to specify an additional properties file from..# the command line, set the key security.overridePropertiesFile..# to false in the master security properties file. It is set to true..# by default.....# In this file, various security properties are set for use by..# java.security classes. This is where users can statically register..# Cryptography Packag
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):103
                                                                                                                                                                                                Entropy (8bit):4.802539000066613
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3:RSjGIWgjM0ePFUNaXsIGNDAPVnyzowv:RS6c2PFUsXsIrRqoa
                                                                                                                                                                                                MD5:E0C4EF8B210C0DDFEE01126E1ACA4280
                                                                                                                                                                                                SHA1:F1CC674F447045D668454996D5C3C188884762CD
                                                                                                                                                                                                SHA-256:E5CD7F9FD43084674AA749BC8301F28DE85EEF6D01BD78828F72FA32377A3368
                                                                                                                                                                                                SHA-512:4820074F15520AD099193B27A673499C31544A7279279EFCB6131D53FE997438A96E1C5B386C233385004F7A2FBB775D4CDE3C0272A196B54C0D8EE6CCEF43DF
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:..grant codeBase "file:${jnlpx.home}/javaws.jar" {.. permission java.security.AllPermission;..};....
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):3527
                                                                                                                                                                                                Entropy (8bit):7.521709350514316
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:96:XWlvuYcIou1YgHqK3WwGjIEwtR88fH4VVKZ:sutuyOqKmw0QtRpH4VVKZ
                                                                                                                                                                                                MD5:57AAAA3176DC28FC554EF0906D01041A
                                                                                                                                                                                                SHA1:238B8826E110F58ACB2E1959773B0A577CD4D569
                                                                                                                                                                                                SHA-256:B8BECC3EF2E7FF7D2165DD1A4E13B9C59FD626F20A26AF9A32277C1F4B5D5BC7
                                                                                                                                                                                                SHA-512:8704B5E3665F28D1A0BC2A063F4BC07BA3C7CD8611E06C0D636A91D5EA55F63E85C6D2AD49E5D8ECE267D43CA3800B3CD09CF369841C94D30692EB715BB0098E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:PK........H..C................META-INF/MANIFEST.MF...o.0...;....-..N.I.._..!S..^L..v+....~....K.....9.......-.qLc,.P.N..%QG.b....n...`..m.u...Yw...ak....+to..1.............."m.i8..z}{B...^uV...1..s.>>..Z-.&..%....A..W..t..c....?z.o....A.]d0a...^..a........./..'..NQQ.%...4..l..}....N..A.f..Q[G.K^.S...o..PK.....8....h...PK........H..C................META-INF/ORACLE_J.SF..Ko.0...}.....U....A........-!....c...4..m.E..F.;.G.c..5...AH.qW.93.....-...`...#.Y.1..=.......b....0/.p...`...}...!.N..a'.....'..?eW..(b..SD.(0;*=h.W\.....w........ ........hg. y.....D...1.L'+...P..QOM..f.w...{\m...Tl.&i..!N~..Q.5...8............/.....UzY..$>.}.m..'.............g>.....D.O...o..V...o.O....4....~.2.7..'.o/....}.PK...E..\.......PK........H..C................META-INF/ORACLE_J.RSA3hb...........iA....&.+L......l..m....,L...........2.....q..f&F&&&fK..v..s.,.@.....8.CY..B.a..a&gGC!....].3 1'_.1.$.P.@.$.%,.\.....\._\Y\..[....l.l.......J,KT..O+)O,JUp.OIU..L...K7.1..)b...rvE.Rpv4
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1249
                                                                                                                                                                                                Entropy (8bit):4.735634480139973
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:AJx/wzjJQO1YfK4pPq8Ul6GyGLCKDJ9w5lAu9aEVjEcGuc8X3A0LlmPOiMA0L9UV:w/61sppNUl6GbLCOMlmEOucA3e2s/WW
                                                                                                                                                                                                MD5:BB63293B1207CB8608C5FBE089A1B06D
                                                                                                                                                                                                SHA1:96A0FA723AF939C22AE25B164771319D82BC033B
                                                                                                                                                                                                SHA-256:633015AD63728DFE7A51BF26E55B766DD3E935F1FCCCFFA8054BF6E158EA89B2
                                                                                                                                                                                                SHA-512:0042DEBE4A77DA997A75A294A0C48D19AED258EEB3CD723FD305037DF11F0A5073A92CC54967B8B541E1AFC912F36481D0B0F68477B8156E52E15093722B7C32
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:############################################################..# Sound Configuration File..############################################################..#..# This properties file is used to specify default service..# providers for javax.sound.midi.MidiSystem and..# javax.sound.sampled.AudioSystem...#..# The following keys are recognized by MidiSystem methods:..#..# javax.sound.midi.Receiver..# javax.sound.midi.Sequencer..# javax.sound.midi.Synthesizer..# javax.sound.midi.Transmitter..#..# The following keys are recognized by AudioSystem methods:..#..# javax.sound.sampled.Clip..# javax.sound.sampled.Port..# javax.sound.sampled.SourceDataLine..# javax.sound.sampled.TargetDataLine..#..# The values specify the full class name of the service..# provider, or the device name...#..# See the class descriptions for details...#..# Example 1:..# Use MyDeviceProvider as default for SourceDataLines:..# javax.sound.sampled.SourceDataLine=com.xyz.MyDeviceProvider..#..# Example 2:..# Speci
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):103910
                                                                                                                                                                                                Entropy (8bit):7.113278604363908
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:OcQWmFKJzLl2g6kpE7tdTMBB/////t97Taz69rU4y/uqmol7s2gK:Oyh3F27/qGzkrfy/uqllQ2gK
                                                                                                                                                                                                MD5:5A7F416BD764E4A0C2DEB976B1D04B7B
                                                                                                                                                                                                SHA1:E12754541A58D7687DEDA517CDDA14B897FF4400
                                                                                                                                                                                                SHA-256:A636AFA5EDBA8AA0944836793537D9C5B5CA0091CCC3741FC0823EDAE8697C9D
                                                                                                                                                                                                SHA-512:3AB2AD86832B98F8E5E1CE1C1B3FFEFA3C3D00B592EB1858E4A10FFF88D1A74DA81AD24C7EC82615C398192F976A1C15358FCE9451AA0AF9E65FB566731D6D8F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:...TZDB....2016d.S..Africa/Abidjan..Africa/Accra..Africa/Addis_Ababa..Africa/Algiers..Africa/Asmara..Africa/Asmera..Africa/Bamako..Africa/Bangui..Africa/Banjul..Africa/Bissau..Africa/Blantyre..Africa/Brazzaville..Africa/Bujumbura..Africa/Cairo..Africa/Casablanca..Africa/Ceuta..Africa/Conakry..Africa/Dakar..Africa/Dar_es_Salaam..Africa/Djibouti..Africa/Douala..Africa/El_Aaiun..Africa/Freetown..Africa/Gaborone..Africa/Harare..Africa/Johannesburg..Africa/Juba..Africa/Kampala..Africa/Khartoum..Africa/Kigali..Africa/Kinshasa..Africa/Lagos..Africa/Libreville..Africa/Lome..Africa/Luanda..Africa/Lubumbashi..Africa/Lusaka..Africa/Malabo..Africa/Maputo..Africa/Maseru..Africa/Mbabane..Africa/Mogadishu..Africa/Monrovia..Africa/Nairobi..Africa/Ndjamena..Africa/Niamey..Africa/Nouakchott..Africa/Ouagadougou..Africa/Porto-Novo..Africa/Sao_Tome..Africa/Timbuktu..Africa/Tripoli..Africa/Tunis..Africa/Windhoek..America/Adak..America/Anchorage..America/Anguilla..America/Antigua..America/Araguaina..America/
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):8602
                                                                                                                                                                                                Entropy (8bit):5.204166069367786
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:j1kfcymkDvxeMmKg5GQEK2TtllXinSV29OHPQT:hhymk/QGT7YT
                                                                                                                                                                                                MD5:B8DD8953B143685B5E91ABEB13FF24F0
                                                                                                                                                                                                SHA1:B5CEB39061FCE39BB9D7A0176049A6E2600C419C
                                                                                                                                                                                                SHA-256:3D49B3F2761C70F15057DA48ABE35A59B43D91FA4922BE137C0022851B1CA272
                                                                                                                                                                                                SHA-512:C9CD0EB1BA203C170F8196CBAB1AAA067BCC86F2E52D0BAF979AAD370EDF9F773E19F430777A5A1C66EFE1EC3046F9BC82165ACCE3E3D1B8AE5879BD92F09C90
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:#..# This file describes mapping information between Windows and Java..# time zones...# Format: Each line should include a colon separated fields of Windows..# time zone registry key, time zone mapID, locale (which is most..# likely used in the time zone), and Java time zone ID. Blank lines..# and lines that start with '#' are ignored. Data lines must be sorted..# by mapID (ASCII order)...#..# NOTE..# This table format is not a public interface of any Java..# platforms. No applications should depend on this file in any form...#..# This table has been generated by a program and should not be edited..# manually...#..Romance:-1,64::Europe/Paris:..Romance Standard Time:-1,64::Europe/Paris:..Warsaw:-1,65::Europe/Warsaw:..Central Europe:-1,66::Europe/Prague:..Central Europe Standard Time:-1,66::Europe/Prague:..Prague Bratislava:-1,66::Europe/Prague:..W. Central Africa Standard Time:-1,66:AO:Africa/Luanda:..FLE:-1,67:FI:Europe/Helsinki:..FLE Standard Time:-1,67:FI:E
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:ASCII text, with very long lines (427), with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):533
                                                                                                                                                                                                Entropy (8bit):5.416086012521588
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12:GEKkc58IOlBVAQEjy2IM0oPP1RVtc8fFVKeiIdGIVIPJvq1RUbDcz:GEK7586QY/0oPtRb2TqySRUkz
                                                                                                                                                                                                MD5:A61B1E3FE507D37F0D2F3ADD5AC691E0
                                                                                                                                                                                                SHA1:8AE1050FF466B8F024EED5BC067B87784F19A848
                                                                                                                                                                                                SHA-256:F9E84B54CF0D8CB0645E0D89BF47ED74C88AF98AC5BF9CCF3ACCB1A824F7DC3A
                                                                                                                                                                                                SHA-512:3E88A839E44241AE642D0F9B7000D80BE7CF4BD003A9E2F9F04A4FEB61EC4877B2B4E76151503184F4B9978894BA1D0DE034DBC5F2E51C31B3ABB24F0EACF0C7
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:JAVA_VERSION="1.8.0_101"..OS_NAME="Windows"..OS_VERSION="5.1"..OS_ARCH="i586"..SOURCE=" .:e983a19c6439 corba:2bb2aec4b3e5 deploy:2390a2618e98 hotspot:77df35b662ed hotspot/make/closed:40ee8a558775 hotspot/src/closed:710cffeb3c01 hotspot/test/closed:d6cfbcb20a1e install:68eb511e9151 jaxp:8ee36eca2124 jaxws:287f9e9d45cc jdk:827b2350d7f8 jdk/make/closed:53a5d48a69b0 jdk/src/closed:06c649fef4a8 jdk/test/closed:556c76f337b9 langtools:8dc8f71216bf nashorn:44e4e6cbe15b pubs:388b7b93b2c0 sponsors:1b72bbdb30d6"..BUILD_TYPE="commercial"..
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):247787
                                                                                                                                                                                                Entropy (8bit):7.915391305945515
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:6144:p+30cnH7ihlQT+uRm0C/vL7cvRurEQ9oTo4/1pC:p+3VnYo+WkvsJuApo4/1k
                                                                                                                                                                                                MD5:F5AD16C7F0338B541978B0430D51DC83
                                                                                                                                                                                                SHA1:2EA49E08B876BBD33E0A7CE75C8F371D29E1F10A
                                                                                                                                                                                                SHA-256:7FBFFBC1DB3422E2101689FD88DF8384B15817B52B9B2B267B9F6D2511DC198D
                                                                                                                                                                                                SHA-512:82E6749F4A6956F5B8DD5A5596CA170A1B7FF4E551714B56A293E6B8C7B092CBEC2BEC9DC0D9503404DEB8F175CBB1DED2E856C6BC829411C8ED311C1861336A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:PK........RT.IcT..............META-INF/MANIFEST.MF.....T]o.0.}G...x.6.......L.T..X_'.\..3.....h....).}r...zF.[.6.3(.........G..LFl. .....z4....4.A@*"........5&.....=..Ah^`.I....N.3......y1#.s.r.5h...D.J7.....s..2..4.05H5.{...A..|.,...}..C....'.tT.g.d.}..I../.....8.2&.w.........+.."..`c.y._...?..9.{........L3.0.....M...6..T.x.R.tQ..+#...`4.K..)f.L.5.^..(..22U....-.#.5Qdj.......n.e=5$..$b."...sA!..D....OO..fNg.... ui.2...=....-..R.G..E..V3..G..m.i..L...f.......8.`......^........!...`5.0V.%?...D&.Iy5.....?...V.._..m.T..B.:..-..Ng)%....}o.w._PK........RT.I................org/..PK........RT.I................org/objectweb/..PK........RT.I................org/objectweb/asm/..PK........RT.I............)...org/objectweb/asm/AnnotationVisitor.class..]O.`.....(+.....:']...`L..b...../.4M..R.~...&.%...~(.9m...3{..?...y....??....]..@E. .v.P.{b..w.'.....'.;......~....qt.^.i.....><.....}.&a..u..&l..{..u. ..........s'3..(L_.^.>.z...uU.<$(..9I.......'......'.........
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Java archive data (JAR)
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):810999
                                                                                                                                                                                                Entropy (8bit):7.990303165823132
                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                SSDEEP:12288:QqmXSKYGix710RyjEBJT0qB8xjOWfWUMveOteWsjJFh/bn3LCBTFuZMHdiL8Oeu3:GSJJp0RiUJdBUKYzjJFhT3NM9g/wy
                                                                                                                                                                                                MD5:A7D4A2C9D18CCE513F87DC37BC7A1A8A
                                                                                                                                                                                                SHA1:955E2F8C1CC657D7A2F49FA455AF8658F3AA9F80
                                                                                                                                                                                                SHA-256:17C18AF34D0EBB18D1FDC4B5E4A72463DDBA0DE6D221576B06B40D6DB3E0ECEA
                                                                                                                                                                                                SHA-512:FD0C444B4EBFEDC01D2950017CF3A3A8435CFCBA603C01A1A8151D4C5AB7B2EB0561FC1E5928FB34968F7DBE70BC2E225C7ACE811846815295AC6B4EBCBE730F
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:ZIP entries: META-INF/, META-INF/MANIFEST.MF, .packages/, action/, behaviour/, behaviour/custom/, bundle/, bundle/jurl/, bundle/windows/, bundle/windows/api/, bundle/windows/result/, bundle/zip/, facade/, installer/, installer/forms/, installer/modules/, php/, php/compress/, php/framework/, php/gui/, php/gui/framework/
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):13202
                                                                                                                                                                                                Entropy (8bit):7.737712617961208
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:LhR1Ygxt7I20RiT2dI03cIH8W6Bc4/kyOLZAy0ZH6AfkA8sFayhbD3D3KRe:1RNRI24AKBcW6BIyYreXf/iyhPD3KU
                                                                                                                                                                                                MD5:3E5E8CCCFF7FF343CBFE22588E569256
                                                                                                                                                                                                SHA1:66756DAA182672BFF27E453EED585325D8CC2A7A
                                                                                                                                                                                                SHA-256:0F26584763EF1C5EC07D1F310F0B6504BC17732F04E37F4EB101338803BE0DC4
                                                                                                                                                                                                SHA-512:8EA5F31E25C3C48EE21C51ABE9146EE2A270D603788EC47176C16ACAC15DAD608EEF4FA8CA0F34A1BBC6475C29E348BD62B0328E73D2E1071AAA745818867522
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:PK........3.\K................META-INF/..PK........3.\K................META-INF/MANIFEST.MF.M..LK-...K-*...R0.3......PK........3.\K................JPHP-INF/..PK........3.\K................JPHP-INF/sdk/..PK........3.\K..e.....\... ...JPHP-INF/sdk/ArithmeticError.phpe..j.0...@.Ac...n]..C..+8....)Xr....t.`cI.......i.K..t.V..F..)@...l.[B...G^b.E=I.a.2J..'..%.b. ^.......z........S ........v......d.h4...1NN]..,..t...~..yo&...G.....<@A...5. .\..ET.w;.S...w.....a..61...[.O....k....PK........3.\K.J.......... ...JPHP-INF/sdk/array-functions.php.Y]o.0.}G.?..M....M[.U.j.h.=F&..q2.0.u.}Nb ....:.@7p....p...Y...\]^v;.e.)C.....z.z.G...z1.P....h...U..H...jc.O..@4..U.._..K..C....6...q;..v.t;.})q....Q..eE..5wg+.l.c..V.......T{qJ..(53.cXn..<..#.k.....RI.A..8...D$..0..0]os...|...OR...p......]..`0.f.8.q....p...H....E..4>{...5.Xf.....5...Wms...>....LH..$,`C......T..#.#K..4".....f.-!h..MAle.m.a..2.....AZ......iT.Z.....Vu.J.a......p..4.6B..I..D9GY....}.L"Mh.....$...M.
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):231952
                                                                                                                                                                                                Entropy (8bit):7.8987047381149225
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:2DiL6hR+wm60gqZjJhqo2M04r7bv1XMrMxw1rl1rwj+Bmd6dYBmkW1eIjEmFdbl6:bq0jSi2Qi1B1Cay6dYBUwmPxLe3
                                                                                                                                                                                                MD5:5134A2350F58890FFB9DB0B40047195D
                                                                                                                                                                                                SHA1:751F548C85FA49F330CECBB1875893F971B33C4E
                                                                                                                                                                                                SHA-256:2D43EB5EA9E133D2EE2405CC14F5EE08951B8361302FDD93494A3A997B508D32
                                                                                                                                                                                                SHA-512:C3CDAF66A99E6336ABC80FF23374F6B62AC95AB2AE874C9075805E91D849B18E3F620CC202B4978FC92B73D98DE96089C8714B1DD096B2AE1958CFA085715F7A
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:PK...........H................META-INF/PK...........H..Q?....p.......META-INF/MANIFEST.MF.R]..0.|...`....$.8...SQ.C.....Kp... ..u>0.U..9.....Y....M..J3)2.....+A9..A..M.x.R.....q.SD].l{)w.......\..........=...N.n36..F.FM.../.b.6.A.D...l.Z].x4M'.t<.R7z..w.k}._.S@.g.z..81%E..dh.l.a.G.."'........n......Je.h6lM.(..r.{_.T&.....[....Z...N_. G.c............T6.z.z]m...N.s+..........R.Zg.`.Qg.a...a+e.J..W..%.P....7.I...$..wi.{...*...{...=.N......Q@.`v..$..G..........M./m3.....6.O.9...T.P.[X........~Lc.{Q$.QXHe=k...D.pE.nH...PK...........H................com/PK...........H................com/google/PK...........H................com/google/gson/PK...........H................com/google/gson/annotations/PK...........H................com/google/gson/internal/PK...........H................com/google/gson/internal/bind/PK...........H............#...com/google/gson/internal/bind/util/PK...........H................com/google/gson/reflect/PK...........H................com/google/g
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):106006
                                                                                                                                                                                                Entropy (8bit):7.823795646704166
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:CPj4aLCBcnn4xGrpR7H30x4VTNVNM43QHt0msLiWzO5SQJn4494m75CYl3U:ETCBmnoCptBNNVNzQ6e5SQW494mlZ2
                                                                                                                                                                                                MD5:0C8768CDEB3E894798F80465E0219C05
                                                                                                                                                                                                SHA1:C4DA07AC93E4E547748ECC26B633D3DB5B81CE47
                                                                                                                                                                                                SHA-256:15F36830124FC7389E312CF228B952024A8CE8601BF5C4DF806BC395D47DB669
                                                                                                                                                                                                SHA-512:35DB507A3918093B529547E991AB6C1643A96258FC95BA1EA7665FF762B0B8ABB1EF732B3854663A947EFFE505BE667BD2609FFCCCB6409A66DF605F971DA106
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:ZIP entries: META-INF/, META-INF/MANIFEST.MF, .packages/, .packages/framework.pkg
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):475905
                                                                                                                                                                                                Entropy (8bit):7.8713354167151675
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:pyfuv+DnikW2IfqFXKzNGNyyRmfD4vCgdiRST:pLWDnid2IfZGAyAfczdig
                                                                                                                                                                                                MD5:7E5E3D6D352025BD7F093C2D7F9B21AB
                                                                                                                                                                                                SHA1:AD9BFC2C3D70C574D34A752C5D0EBCC43A046C57
                                                                                                                                                                                                SHA-256:5B37E8FF2850A4CBB02F9F02391E9F07285B4E0667F7E4B2D4515B78E699735A
                                                                                                                                                                                                SHA-512:C19C29F8AD8B6BEB3EED40AB7DC343468A4CA75D49F1D0D4EA0B4A5CEE33F745893FBA764D35C8BD157F7842268E0716B1EB4B8B26DCF888FB3B3F4314844AAD
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:PK..........[K................META-INF/..PK.........rNK................META-INF/MANIFEST.MF.M..LK-...K-*...R0.3......PK..........[K................org/..PK..........[K................org/develnext/..PK..........[K................org/develnext/jphp/..PK..........[K................org/develnext/jphp/core/..PK..........[K................org/develnext/jphp/core/common/..PK..........[K0:..).......G...org/develnext/jphp/core/common/ObjectSizeCalculator$ObjectWrapper.class.RMo.@.}k;q.\....o.$....F.@.*".p.*.'6.*qp.`;.EH........%.$...q...B.V..r.....{o.....o...* ..yh8"..:..p.'u.b....pb.rk...q.g.H.K...._f.....1h..+.f[./........OH......]Y.....af..V.G#.2.M..a..Q$..h.a..u...~l.F......0..~..v........ \..)..{c.E..~.A...K;...U>J-..<.o..VkM.,..Fi...CG.....^..I%.y,..3p.gt.e...#....d(..'.J?#..q.E..jmj....\...;...Q,...]..n.qm{[{.............T..(P.G.......3.i}..*....t.xD...'..ja.6.J@.IV.?(c..|.r.....6.~..>A-ko.Q'..(.whtlB..AS'./#..P|J..1?... ....mRWj.S.CF7X.t.......I)[/..T...ze.k.WT..,.L.
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17374
                                                                                                                                                                                                Entropy (8bit):7.682654493549437
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:Paj1PXNyyQwsCxm7VXh3il27I8pdo63XNrqlY3ylWn4iczt3Z:e1/BQwsCxIVXhuF8pKaXNdXn4icz9Z
                                                                                                                                                                                                MD5:B50E2C75F5F0E1094E997DE8A2A2D0CA
                                                                                                                                                                                                SHA1:D789EB689C091536EA6A01764BADA387841264CB
                                                                                                                                                                                                SHA-256:CF4068EBB5ECD47ADEC92AFBA943AEA4EB2FEE40871330D064B69770CCCB9E23
                                                                                                                                                                                                SHA-512:57D8AC613805EDADA6AEBA7B55417FD7D41C93913C56C4C2C1A8E8A28BBB7A05AADE6E02B70A798A078DC3C747967DA242C6922B342209874F3CAF7312670CB0
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:PK........3.\K................META-INF/..PK........3.\K................META-INF/MANIFEST.MF.M..LK-...K-*...R0.3......PK........3.\K................org/..PK........3.\K................org/develnext/..PK........3.\K................org/develnext/jphp/..PK........3.\K................org/develnext/jphp/ext/..PK........3.\K................org/develnext/jphp/ext/gui/..PK........3.\K............#...org/develnext/jphp/ext/gui/desktop/..PK........3.\K............+...org/develnext/jphp/ext/gui/desktop/classes/..PK........3.\K.|wk.......6...org/develnext/jphp/ext/gui/desktop/classes/Mouse.class.SmO.A.~...^O....J..P..QQ.."&M*.0|2!.c)...n..../&F.....(..-.A..}f.yff......2..0e.&.m.B!....ha..<C.#..~..P....0VZ.+T.]W....&.^.r.b.....r.|.E....m..Z.+...R...V..k^.......<.....z_F.K. ....!|%..{`.Q.%..[..].(..}..XeHQ........h...S.i.!....*.a.i.(..F6..m.I...R...Yp.2[....C..))%.f...]..Mt7..Sm6...D.D......'.K3);i{.7..ER..5..'N'..73ip?&^.hoZ.up.....,.e.wq..}.W..`.+..g.%....|...S.....*......&t.
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):704689
                                                                                                                                                                                                Entropy (8bit):7.834558665203789
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:12288:sSn9gd/GXLtKb+Ozu5idmEfcHOPJZ7bw1kXn0yZLJZsDDpJSWB5qSEhQ:sMw/GXUb+euCVIOxRQIZOnuK
                                                                                                                                                                                                MD5:6696368A09C7F8FED4EA92C4E5238CEE
                                                                                                                                                                                                SHA1:F89C282E557D1207AFD7158B82721C3D425736A7
                                                                                                                                                                                                SHA-256:C25D7A7B8F0715729BCCB817E345F0FDD668DD4799C8DAB1A4DB3D6A37E7E3E4
                                                                                                                                                                                                SHA-512:0AB24F07F956E3CDCD9D09C3AA4677FF60B70D7A48E7179A02E4FF9C0D2C7A1FC51624C3C8A5D892644E9F36F84F7AAF4AA6D2C9E1C291C88B3CFF7568D54F76
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:PK........gt]K................META-INF/..PK........0.\K................META-INF/MANIFEST.MF.M..LK-...K-*...R0.3......PK......../.\K................org/..PK......../.\K................org/develnext/..PK......../.\K................org/develnext/jphp/..PK......../.\K................org/develnext/jphp/ext/..PK........gt]K................org/develnext/jphp/ext/javafx/..PK........gt]K............#...org/develnext/jphp/ext/javafx/bind/..PK........gt]K....V.......>...org/develnext/jphp/ext/javafx/bind/BoundsMemoryOperation.class.V[W.U..N..a....B[.Z...h-.....E.h.-.j..$.Hf..$....|...P}.k.e.k..\.33..&..b......g_f.....K.w..a.3.f..).W.0.va._(.R.....).5.......$.Z.#).*V.\U.&..)S*6.|....V..$.S..0.cKAZA..s.-1.......3N.3.IX6_.....bn.h%.p.fa.t-....[e........k....K...U3[3.,;c<p*v......\.),.`8..g.f...|,.8!.......:.w%..m..K./.0..."+%..U...l,!..Vla....1gW-.....ol..f./.Y.....x".(."..^.....i.k'zc.........e.9.@..0hs.4/.\...UW..?.m.X..%..O.s...N..S..{....0.;.f).owu.....yZ...[.h....
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):17135
                                                                                                                                                                                                Entropy (8bit):7.7352982443766
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:fSw3uFslDvQGOoqdoUFKgvXj9jmHo5+FejOcEDffWPvy:KwJlrQGOdoUFKgvTmn6y
                                                                                                                                                                                                MD5:FDE38932B12FC063451AF6613D4470CC
                                                                                                                                                                                                SHA1:BC08C114681A3AFC05FB8C0470776C3EAE2EEFEB
                                                                                                                                                                                                SHA-256:9967EA3C3D1AEE8DB5A723F714FBA38D2FC26D8553435AB0E1D4E123CD211830
                                                                                                                                                                                                SHA-512:0F211F81101CED5FFF466F2AAB0E6C807BB18B23BC4928FE664C60653C99FA81B34EDF5835FCC3AFFB34B0DF1FA61C73A621DF41355E4D82131F94FCC0B0E839
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:PK........K.\K................META-INF/..PK.........rNK................META-INF/MANIFEST.MF.M..LK-...K-*...R0.3......PK..........[K................org/..PK..........[K................org/develnext/..PK..........[K................org/develnext/jphp/..PK........K.\K................org/develnext/jphp/json/..PK........K.\K............ ...org/develnext/jphp/json/classes/..PK........K.\K........5...5...org/develnext/jphp/json/classes/JsonProcessor$1.class..[S.@.....B..E.^.A..\B.C..Uf..":.8!Y.t..$...|.M?./:.....x...C.H3._.....nv......,6...(C"..$.R.c.......*..C.a.a.a.a.a.a.a.a.a.!.eXaXU.5m.?..H.1....i...r..v`.%.wt...Y...#^.t...6.9Ks]N.t..E......O-.......%..M^.G...tFA[.,....../k..{.....U..e.....d..kq.o{f....jf.......o.A..M..P.Om.r\..ns....k1..]._...c.+.;...u.,)R...u...6.!-.Q...h_.C....(,..O..!.M.r...;.... ....io.)^....5*".F!6L[..Fe.J....C..yuO....H............#.uE..}..;.W.\,..5rn=.|&......#<...C..Z..Ok...T..r".L\).]1.a(.J.9..[.$.1E.Y/j?.^:..{4.@S`....%.o...
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):1177648
                                                                                                                                                                                                Entropy (8bit):7.91949701328009
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:24576:cP4MBZrpGi4exQ9qdXVd/F/3yy7mgviLzIM:czHMi4eKCd/BzaLcM
                                                                                                                                                                                                MD5:D5EF47C915BEF65A63D364F5CF7CD467
                                                                                                                                                                                                SHA1:F711F3846E144DDDBFB31597C0C165BA8ADF8D6B
                                                                                                                                                                                                SHA-256:9C287472408857301594F8F7BDA108457F6FDAE6E25C87EC88DBF3012E5A98B6
                                                                                                                                                                                                SHA-512:04AEB956BFCD3BD23B540F9AD2D4110BB2FFD25FE899152C4B2E782DAA23A676DF9507078ECF1BFC409DDFBE2858AB4C4C324F431E45D8234E13905EB192BAE8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):20151
                                                                                                                                                                                                Entropy (8bit):7.765220504812666
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:384:dti5BMxSo4LgAAsJilYcmwPbEM0Av7wGkJXbhS1OaVKD6U2:DqoCgqyIMZwRJLQO5eU2
                                                                                                                                                                                                MD5:0A79304556A1289AA9E6213F574F3B08
                                                                                                                                                                                                SHA1:7EE3BDE3B1777BF65D4F62CE33295556223A26CD
                                                                                                                                                                                                SHA-256:434E57FFFC7DF0B725C1D95CABAFDCDB83858CCB3E5E728A74D3CF33A0CA9C79
                                                                                                                                                                                                SHA-512:1560703D0C162D73C99CEF9E8DDC050362E45209CC8DEA6A34A49E2B6F99AAE462EAE27BA026BDB29433952B6696896BB96998A0F6AC0A3C1DBBB2F6EBC26A7E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):97358
                                                                                                                                                                                                Entropy (8bit):7.9345189846943915
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:yZwgOueuKZ4THgWvLnhgmmJFgVn+nhEA1ODIrSrUricEDMrV+LAB:yZwgwuKmTDFgmmoVn+mAUhrUicRoAB
                                                                                                                                                                                                MD5:4BC2AEA7281E27BC91566377D0ED1897
                                                                                                                                                                                                SHA1:D02D897E8A8ACA58E3635C009A16D595A5649D44
                                                                                                                                                                                                SHA-256:4AEF566BBF3F0B56769A0C45275EBBF7894E9DDB54430C9DB2874124B7CEA288
                                                                                                                                                                                                SHA-512:DA35BB2F67BCA7527DC94E5A99A162180B2701DDCA2C688D9E0BE69876ACA7C48F192D0F03D431CCD2D8EEC55E0E681322B4F15EBA4DB29EF5557316E8E51E10
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=deflate
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):13213
                                                                                                                                                                                                Entropy (8bit):7.627776815487544
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:yXmigootuYzXKKk6BL8UUJY0eP6nHY2AJ4qxivXRp2gFyjSonqKLRM7RbEZ:Km0WzX7k6eJB06HZYwRzFyj0uRM7RbEZ
                                                                                                                                                                                                MD5:20F6F88989E806D23C29686B090F6190
                                                                                                                                                                                                SHA1:1FDB9A66BB5CA587C05D3159829A8780BB66C87D
                                                                                                                                                                                                SHA-256:9D5F06D539B91E98FD277FC01FD2F9AF6FEA58654E3B91098503B235A83ABB16
                                                                                                                                                                                                SHA-512:2798BB1DD0AA121CD766BD5B47D256B1A528E9DB83ED61311FA685F669B7F60898118AE8C69D2A30D746AF362B810B133103CBE426E0293DD2111ACA1B41CCEA
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):41203
                                                                                                                                                                                                Entropy (8bit):7.855219741633254
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:768:CkwPhOR4PpSvw6vob5IJ9eoYUx7eBr9HDhzCZ+8ylnm1fjiUNcS5cXeK/7DaeR7g:CRPhOR4B0reWJYURuHN4ylnaeSI4
                                                                                                                                                                                                MD5:CAAFE376AFB7086DCBEE79F780394CA3
                                                                                                                                                                                                SHA1:DA76CA59F6A57EE3102F8F9BD9CEE742973EFA8A
                                                                                                                                                                                                SHA-256:18C4A0095D5C1DA6B817592E767BB23D29DD2F560AD74DF75FF3961DBDE25B79
                                                                                                                                                                                                SHA-512:5DD6271FD5B34579D8E66271BAB75C89BACA8B2EBEAA9966DE391284BD08F2D720083C6E0E1EDDA106ECF8A04E9A32116DE6873F0F88C19C049C0FE27E5D820B
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):15257
                                                                                                                                                                                                Entropy (8bit):7.804568217256536
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:192:wyBOIrDL/vJ0RWNML2NyWKr362ByOikGnqO5Vyb3Uab+UtJIdgihtqSXs:wyBnxxMLg7KrqU7Gnqrb3lhtuF/qS8
                                                                                                                                                                                                MD5:722BB90689AECC523E3FE317E1F0984B
                                                                                                                                                                                                SHA1:8DACF9514F0C707CBBCDD6FD699E8940D42FB54E
                                                                                                                                                                                                SHA-256:0966E86FFFA5BE52D3D9E7B89DD674D98A03EED0A454FBAF7C1BD9493BD9D874
                                                                                                                                                                                                SHA-512:D5EFFBFA105BCD615E56EF983075C9EF0F52BCFDBEFA3CE8CEA9550F25B859E48B32F2EC9AA7A305C6611A3BE5E0CDE0D269588D9C2897CA987359B77213331D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):105007
                                                                                                                                                                                                Entropy (8bit):7.8886535210991395
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:Dxpeuv7xOoWmvqcQurq8vGDTRAi5yRdPPl/CJqM9ggS3OIrBTH6x0:Fguv7cfmJrUOiYRbXMbS3Ooox0
                                                                                                                                                                                                MD5:0FD8BC4F0F2E37FEB1EFC474D037AF55
                                                                                                                                                                                                SHA1:ADD8FFACE4C1936787EB4BFFE4EA944A13467D53
                                                                                                                                                                                                SHA-256:1E31EF3145D1E30B31107B7AFC4A61011EBCA99550DCE65F945C2EA4CCAC714B
                                                                                                                                                                                                SHA-512:29DE5832DB5B43FDC99BB7EA32A7359441D6CF5C05561DD0A6960B33078471E4740EE08FFBD97A5CED4B7DD9CC98FAD6ADD43EDB4418BF719F90F83C58188149
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):80968
                                                                                                                                                                                                Entropy (8bit):7.4182780858750075
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:1536:RZ2FWSNhd/4131iae+a0jnLjujUi1QqJ6cF3PK:z2ddQ131iae+HjPujfJ6E3
                                                                                                                                                                                                MD5:C9C4AC12004CC6B946CB7D49B5EB5EE5
                                                                                                                                                                                                SHA1:7E738B153194C9F54AAC1B433F8E7EFFF3BEAFD5
                                                                                                                                                                                                SHA-256:4A010C5ABE2F5BB4DD6F31B03058BC1847E985A95A68D4E1BF0FB20C030C2307
                                                                                                                                                                                                SHA-512:C324685C6A15299504C62724C3C465B28027E93269D1DF325921AC3F9A531A60DE4C6A0D1775CE0C4365717497146B7360B36B1B87C1D1BAE6ACC0E1ADC68664
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):209920
                                                                                                                                                                                                Entropy (8bit):6.447659228395253
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3072:tScXkSa4E7uzTK+NbkuO2DcUC1myXxskH9Xq4fa2KbDI0lSmb9D:Q7sO+EZ9LH2j7Mmb9
                                                                                                                                                                                                MD5:A5FFDCF45D3D123139C49017B22F444E
                                                                                                                                                                                                SHA1:7B3D3D293F9A34570FC91500A6580496147C7658
                                                                                                                                                                                                SHA-256:8F49245444B02BF0E103C5A5850A0B2FB1F2880C917261D146E3B8BC3C166E40
                                                                                                                                                                                                SHA-512:5FF195A70825EFCED761ACEEEC5A6F0D0E18C1A4074482F584EFABEF7166C957C728D71D6185E3487A1405C608D820EFA4E07C584D60A8D51625E5D8A9A89397
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......n..a*..2*..2*..2..3 ..2..3...2x.3...2x.3:..2x.3?..2..3?..2..3-..2*..2...2..3v..2..3+..2..^2+..2*.62+..2..3+..2Rich*..2................PE..L...?..b.........."!.....`...................p............................................@......................... ...........<....p.. .......................0 ......p...........................`...@............p..t............................text....^.......`.................. ..`.rdata.......p.......d..............@..@.data...dV..........................@....rsrc... ....p......................@..@.reloc..0 ......."..................@..B........................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):162168468
                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:3::
                                                                                                                                                                                                MD5:2DBC0818CDB52345791955E058A40132
                                                                                                                                                                                                SHA1:3CEC7455FB8C8F57FABA2B065BA7BEEBCECBA565
                                                                                                                                                                                                SHA-256:896FBF58598F1376DC47013E0CCDF5422A54C28460F858ABD25B871DC02D5509
                                                                                                                                                                                                SHA-512:8173DAE9455BD4D200E0C5D3A25014AA879FF3FC9A9001C02F91BB0F1EA10D226BFFD6C8E19BA2F7A37A646749E82C5A70CF62A7C461660A188343C8A19E77CB
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):45
                                                                                                                                                                                                Entropy (8bit):0.9111711733157262
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                MD5:C8366AE350E7019AEFC9D1E6E6A498C6
                                                                                                                                                                                                SHA1:5731D8A3E6568A5F2DFBBC87E3DB9637DF280B61
                                                                                                                                                                                                SHA-256:11E6ACA8E682C046C83B721EEB5C72C5EF03CB5936C60DF6F4993511DDC61238
                                                                                                                                                                                                SHA-512:33C980D5A638BFC791DE291EBF4B6D263B384247AB27F261A54025108F2F85374B579A026E545F81395736DD40FA4696F2163CA17640DD47F1C42BC9971B18CD
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:........................................J2SE.
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {9E5A5A93-AA4B-491F-8520-6B9F3DD0B637}, Number of Words: 0, Subject: SkimarUtils, Author: ConsolHQ LTD, Name of Creating Application: SkimarUtils, Template: ;1033, Comments: This installer database contains the logic and data required to install SkimarUtils., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):2200576
                                                                                                                                                                                                Entropy (8bit):6.506405579964953
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                MD5:C2E4DA52A0E51351A61445475FDA6E6F
                                                                                                                                                                                                SHA1:AB0717F603BB9B9BFF7AFA338589B1E3F62D1ABD
                                                                                                                                                                                                SHA-256:860CE0959BE9B74933133514CC70D382F6C24B512F7920CEEAC4F91F190D5471
                                                                                                                                                                                                SHA-512:137CD9796F2E4B79B154ACAFA3665D7C2EA1F0F473E44C5C403DD90A71D58506E1803DDEB339CEE0C6EAB83D860AF3B2A20C36E8889804ECFDFCEE310A2E0EF8
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:......................>..................."...................................f...............................0...1...2...3...4...5...6...7...8...9...:...;...<...=...B...C...D...E...F...G...H...I...J...................................................................................................................................................................................................................................................................................................................................M...............................:...;........................................................................... ...!..."...#...$...%...&...'...(...)...*...4...,...-......./...0...1...2...3.......5...6...7...8...9...<...B...F...=...>...?...@...A...E...C...D...K.......G...H...I...J.......L...N..._...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^...`...*...a...b...c...d...e...........h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):46427
                                                                                                                                                                                                Entropy (8bit):5.545094737527665
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                MD5:F15590747D81C1BD9E526950AB074FB0
                                                                                                                                                                                                SHA1:6FFFE4BB327E8391F489A326EEDBC2E3EFBCAD83
                                                                                                                                                                                                SHA-256:9A8038E4429F5F57D4CFA250182EA4EAC88E2FA94924A6729CC2E7FBF75CEE91
                                                                                                                                                                                                SHA-512:CD2CE05BB521531FC475F4D48D819DF5D5F858EDD8B0FB85F110A828F204740013AFEF73F03B83EF378C964C0ACC00AF12E8AB1B51F338BC03F8B67A6988DB57
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:...@IXOS.@.....@o!mY.@.....@.....@.....@.....@.....@......&.{0CD4A799-CA89-4B58-9969-139C252455D3}..SkimarUtils..Installer.msi.@.....@.....@.....@........&.{9E5A5A93-AA4B-491F-8520-6B9F3DD0B637}.....@.....@.....@.....@.......@.....@.....@.......@......SkimarUtils......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@n....@.....@.]....&.{A4B5561E-C0B0-4A06-996C-584D1AED0553}0.C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\.@.......@.....@.....@......&.{9BF76B24-4141-4DDD-9E2E-CC0FD61FF350}-.02:\Software\ConsolHQ LTD\SkimarUtils\Version.@.......@.....@.....@......&.{D13CA23A-8685-42AD-97E5-680E1405D614}e.02:\Software\Caphyon\Advanced Installer\LZMA\{0CD4A799-CA89-4B58-9969-139C252455D3}\1.12.3\AI_ExePath.@.......@.....@.....@......&.{9002F2BB-DA33-4DB4-884D-6143E3EB4E52}<.C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\run-file.exe.@.......@.....@.....@......&.{74A4FEEF-EF68-46FA-
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):453088
                                                                                                                                                                                                Entropy (8bit):6.413087895399404
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                MD5:FBC6CCCA9154D017D647938190E4AD8D
                                                                                                                                                                                                SHA1:E753F1511F27427616E98762BA2F45D67C3D90D4
                                                                                                                                                                                                SHA-256:D0C9F193D5FB108035C24CD16495D8471295C8AE4A507CC939DCD3C31ED70836
                                                                                                                                                                                                SHA-512:D72A7B6BE718E09B0B6B2A6C32888FB29BBE34D34D1965CCE017162224DB20D4BADAAE507244E16E7A72B84A15139FC9CB6EA703925666906F73420684E0D49D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......G.b7...d...d...d..e...d..e...dQ..e...dQ..e...dQ..eK..d..e...d..e...d..e...d...dP..d...eV..d...e...d...d...d..d...d...e...dRich...d................PE..L......b.........."!.........R.......................................................-....@.........................._.......f..........0........................L..H...p...............................@...............4............................text............................... ..`.rdata..............................@..@.data....!...........j..............@....rsrc...0............|..............@..@.reloc...L.......N..................@..B................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):453088
                                                                                                                                                                                                Entropy (8bit):6.413087895399404
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                MD5:FBC6CCCA9154D017D647938190E4AD8D
                                                                                                                                                                                                SHA1:E753F1511F27427616E98762BA2F45D67C3D90D4
                                                                                                                                                                                                SHA-256:D0C9F193D5FB108035C24CD16495D8471295C8AE4A507CC939DCD3C31ED70836
                                                                                                                                                                                                SHA-512:D72A7B6BE718E09B0B6B2A6C32888FB29BBE34D34D1965CCE017162224DB20D4BADAAE507244E16E7A72B84A15139FC9CB6EA703925666906F73420684E0D49D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......G.b7...d...d...d..e...d..e...dQ..e...dQ..e...dQ..eK..d..e...d..e...d..e...d...dP..d...eV..d...e...d...d...d..d...d...e...dRich...d................PE..L......b.........."!.........R.......................................................-....@.........................._.......f..........0........................L..H...p...............................@...............4............................text............................... ..`.rdata..............................@..@.data....!...........j..............@....rsrc...0............|..............@..@.reloc...L.......N..................@..B................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):453088
                                                                                                                                                                                                Entropy (8bit):6.413087895399404
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                MD5:FBC6CCCA9154D017D647938190E4AD8D
                                                                                                                                                                                                SHA1:E753F1511F27427616E98762BA2F45D67C3D90D4
                                                                                                                                                                                                SHA-256:D0C9F193D5FB108035C24CD16495D8471295C8AE4A507CC939DCD3C31ED70836
                                                                                                                                                                                                SHA-512:D72A7B6BE718E09B0B6B2A6C32888FB29BBE34D34D1965CCE017162224DB20D4BADAAE507244E16E7A72B84A15139FC9CB6EA703925666906F73420684E0D49D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):919520
                                                                                                                                                                                                Entropy (8bit):6.451407326378623
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                MD5:064278F42704CDCE52C8C527CF9AFBC7
                                                                                                                                                                                                SHA1:007C2A1C946EB62886AC26ADFC7C6B41EECD4D41
                                                                                                                                                                                                SHA-256:070155314AE1035E0A74729231EA97053744EC3B0D5E8D8AF0D000448924D5A9
                                                                                                                                                                                                SHA-512:9D7AE27229317F07CFD051AB8A7E4E7AC4071593FB0329BFF21CFB812086CA00CFFEBBC950A4849C233D8B2EE3D306E9A3338415DEB48CEE09C5B94704A01A70
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):453088
                                                                                                                                                                                                Entropy (8bit):6.413087895399404
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                MD5:FBC6CCCA9154D017D647938190E4AD8D
                                                                                                                                                                                                SHA1:E753F1511F27427616E98762BA2F45D67C3D90D4
                                                                                                                                                                                                SHA-256:D0C9F193D5FB108035C24CD16495D8471295C8AE4A507CC939DCD3C31ED70836
                                                                                                                                                                                                SHA-512:D72A7B6BE718E09B0B6B2A6C32888FB29BBE34D34D1965CCE017162224DB20D4BADAAE507244E16E7A72B84A15139FC9CB6EA703925666906F73420684E0D49D
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):612320
                                                                                                                                                                                                Entropy (8bit):6.4323838389156975
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                MD5:0C6BF1C874893DCC42F172BBF42ECFBF
                                                                                                                                                                                                SHA1:72B34F84B5394945D57838D9336DCA9A96F7746C
                                                                                                                                                                                                SHA-256:B688BDC73468311174DFD678A13D3B3533606F5C54EECDE5D3B0D3E436E9C6EF
                                                                                                                                                                                                SHA-512:2CF7C9484AD7C8843F4083F2CAECA761702933029F497D2D58CA1711C755691B4A6829087C5C389E9FA3497A4C34E6EFA48B7589F4EEC09924E01DF8546A8480
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):36864
                                                                                                                                                                                                Entropy (8bit):4.442995488854921
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                MD5:E31727001B63F448C3C00DBB27994179
                                                                                                                                                                                                SHA1:F11EF3D090CE9B562A6C07C4D657EFE64B581669
                                                                                                                                                                                                SHA-256:8024244BF4551F8DA2959F1DE4E187ED1D8C022A80BB31005C1C6B352C6D53EF
                                                                                                                                                                                                SHA-512:299D1D877A2CC7DEE7D784321CDF508B134B734B2F5525E7B4FB9DE2D891D1323CD5A81DAAD418FC151C45011DDEBBB5AB3F0A0D7B97F8E4D76A901CCDA9A492
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                Entropy (8bit):1.667520128868237
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                MD5:7193837FE2E4E00AE79F3F3D8AE84955
                                                                                                                                                                                                SHA1:3667179EC9BBB494373066FBA9A87BEA6C52A638
                                                                                                                                                                                                SHA-256:F2B483D423ED02C68C78BA614A98FAE1EB746548774C9E1CA4BAA3AEE86B422C
                                                                                                                                                                                                SHA-512:A8608BFB3D8DD763132D80131EA0B2FC60AB8BAAF085F46B9051500069CF24396C4EBF06EB4E31BE5E145CE002F73F400DBF11B6DC681963E20CF15487819F3E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):432221
                                                                                                                                                                                                Entropy (8bit):5.375161659756032
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                MD5:9382DF1AD05C15BA81B89DA9922841A6
                                                                                                                                                                                                SHA1:D2929807F426B26EC9F08A10B1A248326266D33E
                                                                                                                                                                                                SHA-256:A75D59AE24BAF0554C2D76DC741C599ABCCB64A6B83ACF9B8009B5BA392168BB
                                                                                                                                                                                                SHA-512:D524351D71383D46FA86D6EF0A53F6559C6A7E05C795B4543611AA6818CBC7CA204F2FCF2CB16ED2686BE7960A44AB20A7F4AA224FF67D2D4B33665156C93BD2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):512
                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):512
                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                Entropy (8bit):1.667520128868237
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                MD5:7193837FE2E4E00AE79F3F3D8AE84955
                                                                                                                                                                                                SHA1:3667179EC9BBB494373066FBA9A87BEA6C52A638
                                                                                                                                                                                                SHA-256:F2B483D423ED02C68C78BA614A98FAE1EB746548774C9E1CA4BAA3AEE86B422C
                                                                                                                                                                                                SHA-512:A8608BFB3D8DD763132D80131EA0B2FC60AB8BAAF085F46B9051500069CF24396C4EBF06EB4E31BE5E145CE002F73F400DBF11B6DC681963E20CF15487819F3E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                                Entropy (8bit):1.3271326977193079
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                MD5:8ABA27D288D32A7F8989773F6FE75493
                                                                                                                                                                                                SHA1:C1030216D96734AF496951A9DB2146F17BA5C86E
                                                                                                                                                                                                SHA-256:7134B1E2E90BE051FDAC2F3ED851BFB316DCDEEDD06AF7C1E7BA5E0EE6837400
                                                                                                                                                                                                SHA-512:FBDA898AFA9D73FA994E859C9D5676FB390EB38CD028F2E8B11D162EAFBCD7CB9F3BFF2D26280E4082051AC20D42BD57FD70BC8008FDA96EDDF80F4CB7DBE299
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):512
                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):73728
                                                                                                                                                                                                Entropy (8bit):0.17513934444681856
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                MD5:310ADA87082764502869D4B1987199ED
                                                                                                                                                                                                SHA1:E535A62DAA0E9A16A244714D089AF7EAA56F50B6
                                                                                                                                                                                                SHA-256:C065D54DAFEEF271F8152D7897C77EE7B315002B002E7288DD4A7BE534B4B7E5
                                                                                                                                                                                                SHA-512:8E9D681D911D6072E1D0636D000E7144C2F7F92329E6E7941850B97CFEB1DD5C8807202FE9B66C959CF36A68934679AA5F871A95FA632C7D14D36D11F983CDD2
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                                Entropy (8bit):1.3271326977193079
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                MD5:8ABA27D288D32A7F8989773F6FE75493
                                                                                                                                                                                                SHA1:C1030216D96734AF496951A9DB2146F17BA5C86E
                                                                                                                                                                                                SHA-256:7134B1E2E90BE051FDAC2F3ED851BFB316DCDEEDD06AF7C1E7BA5E0EE6837400
                                                                                                                                                                                                SHA-512:FBDA898AFA9D73FA994E859C9D5676FB390EB38CD028F2E8B11D162EAFBCD7CB9F3BFF2D26280E4082051AC20D42BD57FD70BC8008FDA96EDDF80F4CB7DBE299
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                Entropy (8bit):1.667520128868237
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                MD5:7193837FE2E4E00AE79F3F3D8AE84955
                                                                                                                                                                                                SHA1:3667179EC9BBB494373066FBA9A87BEA6C52A638
                                                                                                                                                                                                SHA-256:F2B483D423ED02C68C78BA614A98FAE1EB746548774C9E1CA4BAA3AEE86B422C
                                                                                                                                                                                                SHA-512:A8608BFB3D8DD763132D80131EA0B2FC60AB8BAAF085F46B9051500069CF24396C4EBF06EB4E31BE5E145CE002F73F400DBF11B6DC681963E20CF15487819F3E
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                                Entropy (8bit):1.3271326977193079
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                MD5:8ABA27D288D32A7F8989773F6FE75493
                                                                                                                                                                                                SHA1:C1030216D96734AF496951A9DB2146F17BA5C86E
                                                                                                                                                                                                SHA-256:7134B1E2E90BE051FDAC2F3ED851BFB316DCDEEDD06AF7C1E7BA5E0EE6837400
                                                                                                                                                                                                SHA-512:FBDA898AFA9D73FA994E859C9D5676FB390EB38CD028F2E8B11D162EAFBCD7CB9F3BFF2D26280E4082051AC20D42BD57FD70BC8008FDA96EDDF80F4CB7DBE299
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):45056
                                                                                                                                                                                                Entropy (8bit):3.306132168056597
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                MD5:2896CC2242093D4DC9727485AC2BFA69
                                                                                                                                                                                                SHA1:AC22536910A078827D6169B3DB4BEC18BC2A0B7B
                                                                                                                                                                                                SHA-256:AA155DCD04ED2F9288F642668F108C97CA807D1905D63803C8D153AF9227D49D
                                                                                                                                                                                                SHA-512:4D293DC6BCA5B54FF91B0E4B1E7376F2BAB026C17F251A00D0496844C5A1A0983D2D2225F2DC2B2FA8FBD15CA305198FD213FAADBC9C6F9BD5EF0C8080C85322
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):512
                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                Size (bytes):512
                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                SSDEEP:
                                                                                                                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                Entropy (8bit):7.976621129322987
                                                                                                                                                                                                TrID:
                                                                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                File name:AYoF5MX6wK.exe
                                                                                                                                                                                                File size:49'198'887 bytes
                                                                                                                                                                                                MD5:5df362988683370bcca17fbaf194632a
                                                                                                                                                                                                SHA1:0bc2030d02e19b1d0a1d9d2a4a410169c9485ce8
                                                                                                                                                                                                SHA256:8702696887f8dd78d3d9df8b7335f4cc03e541774630b77ecd84b72d57da234f
                                                                                                                                                                                                SHA512:bb7c10e94d6bdbf67c223ea57336e70696171330ddc008adc79362b1655d8fe5f0b50253203f30b07180e3f269f7a9809e79114dc1fa7c96038673e31d97dc57
                                                                                                                                                                                                SSDEEP:786432:KVfExzYbFwhkPMvMGp+X7l+AOeMlcft9qjpsP7qLr3HbpGwCTPxtYVqbqR0/pNj9:fUBowMvMl+ot9Wpsz2rXbpDCTptDJx+W
                                                                                                                                                                                                TLSH:38B72330364AC52BDA6615B0293C9A9F552D7E750B71A8C7B3CC2D2E1BB49C34732E27
                                                                                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............{...{...{.3.x...{.3.~.X.{.3.}...{.......{...x...{...~...{.3.....{.3.z...{.3.|...{...z.8.{.\.r...{.\.....{.......{.\.y...{
                                                                                                                                                                                                Icon Hash:9713331b4d3b2f0c
                                                                                                                                                                                                Entrypoint:0x596c64
                                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                                Digitally signed:false
                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                Time Stamp:0x6213B2EE [Mon Feb 21 15:42:38 2022 UTC]
                                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                                OS Version Major:6
                                                                                                                                                                                                OS Version Minor:0
                                                                                                                                                                                                File Version Major:6
                                                                                                                                                                                                File Version Minor:0
                                                                                                                                                                                                Subsystem Version Major:6
                                                                                                                                                                                                Subsystem Version Minor:0
                                                                                                                                                                                                Import Hash:836688c7d21e39394af41ce9a8c2d728
                                                                                                                                                                                                Instruction
                                                                                                                                                                                                call 00007F6EB4DA203Dh
                                                                                                                                                                                                jmp 00007F6EB4DA17DFh
                                                                                                                                                                                                mov ecx, dword ptr [ebp-0Ch]
                                                                                                                                                                                                mov dword ptr fs:[00000000h], ecx
                                                                                                                                                                                                pop ecx
                                                                                                                                                                                                pop edi
                                                                                                                                                                                                pop edi
                                                                                                                                                                                                pop esi
                                                                                                                                                                                                pop ebx
                                                                                                                                                                                                mov esp, ebp
                                                                                                                                                                                                pop ebp
                                                                                                                                                                                                push ecx
                                                                                                                                                                                                ret
                                                                                                                                                                                                mov ecx, dword ptr [ebp-10h]
                                                                                                                                                                                                xor ecx, ebp
                                                                                                                                                                                                call 00007F6EB4DA0E33h
                                                                                                                                                                                                jmp 00007F6EB4DA1942h
                                                                                                                                                                                                push eax
                                                                                                                                                                                                push dword ptr fs:[00000000h]
                                                                                                                                                                                                lea eax, dword ptr [esp+0Ch]
                                                                                                                                                                                                sub esp, dword ptr [esp+0Ch]
                                                                                                                                                                                                push ebx
                                                                                                                                                                                                push esi
                                                                                                                                                                                                push edi
                                                                                                                                                                                                mov dword ptr [eax], ebp
                                                                                                                                                                                                mov ebp, eax
                                                                                                                                                                                                mov eax, dword ptr [0069E01Ch]
                                                                                                                                                                                                xor eax, ebp
                                                                                                                                                                                                push eax
                                                                                                                                                                                                push dword ptr [ebp-04h]
                                                                                                                                                                                                mov dword ptr [ebp-04h], FFFFFFFFh
                                                                                                                                                                                                lea eax, dword ptr [ebp-0Ch]
                                                                                                                                                                                                mov dword ptr fs:[00000000h], eax
                                                                                                                                                                                                ret
                                                                                                                                                                                                push eax
                                                                                                                                                                                                push dword ptr fs:[00000000h]
                                                                                                                                                                                                lea eax, dword ptr [esp+0Ch]
                                                                                                                                                                                                sub esp, dword ptr [esp+0Ch]
                                                                                                                                                                                                push ebx
                                                                                                                                                                                                push esi
                                                                                                                                                                                                push edi
                                                                                                                                                                                                mov dword ptr [eax], ebp
                                                                                                                                                                                                mov ebp, eax
                                                                                                                                                                                                mov eax, dword ptr [0069E01Ch]
                                                                                                                                                                                                xor eax, ebp
                                                                                                                                                                                                push eax
                                                                                                                                                                                                mov dword ptr [ebp-10h], eax
                                                                                                                                                                                                push dword ptr [ebp-04h]
                                                                                                                                                                                                mov dword ptr [ebp-04h], FFFFFFFFh
                                                                                                                                                                                                lea eax, dword ptr [ebp-0Ch]
                                                                                                                                                                                                mov dword ptr fs:[00000000h], eax
                                                                                                                                                                                                ret
                                                                                                                                                                                                push eax
                                                                                                                                                                                                push dword ptr fs:[00000000h]
                                                                                                                                                                                                lea eax, dword ptr [esp+0Ch]
                                                                                                                                                                                                sub esp, dword ptr [esp+0Ch]
                                                                                                                                                                                                push ebx
                                                                                                                                                                                                push esi
                                                                                                                                                                                                push edi
                                                                                                                                                                                                mov dword ptr [eax], ebp
                                                                                                                                                                                                mov ebp, eax
                                                                                                                                                                                                mov eax, dword ptr [0069E01Ch]
                                                                                                                                                                                                xor eax, ebp
                                                                                                                                                                                                push eax
                                                                                                                                                                                                mov dword ptr [ebp-10h], esp
                                                                                                                                                                                                push dword ptr [ebp-04h]
                                                                                                                                                                                                mov dword ptr [ebp-04h], FFFFFFFFh
                                                                                                                                                                                                lea eax, dword ptr [ebp-0Ch]
                                                                                                                                                                                                mov dword ptr fs:[00000000h], eax
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x29cb94         0x28          .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x2a7000         0x3d564       .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x2e5000         0x256bc       .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x246778         0x70          .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x246800         0x18          .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x219f38         0x40          .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x218000         0x2c0         .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x299f88         0x260         .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x216c3f | 0x216e00 | b670db57563315716440578ee99e5466 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x218000 | 0x85b8c | 0x85c00 | 59a6fbcfc1f150b26bf16fdd47452e43 | False | 0.3120947721962617 | data | 4.605894063170113 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x29e000 | 0x89f0 | 0x6a00 | 1cea180402edcf39ea7c6193312cce32 | False | 0.14180424528301888 | DOS executable (block device driver 0aY) | 2.8670521481443174 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x2a7000 | 0x3d564 | 0x3d600 | e7d02ce3727ddc83544486f0bf581520 | False | 0.2636161850814664 | data | 5.855843008118312 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x2e5000 | 0x256bc | 0x25800 | 08f0f06260e93e98732bfb4145f07cca | False | 0.446171875 | data | 6.512576488264422 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
IMAGE_FILE | 0x2a7bf0 | 0x6 | ISO-8859 text, with no line terminators | English | United States | 2.1666666666666665
IMAGE_FILE | 0x2a7bf8 | 0x6 | ISO-8859 text, with no line terminators | English | United States | 2.1666666666666665
RTF_FILE | 0x2a7c00 | 0x2e9 | Rich Text Format data, version 1, ANSI, code page 1252 | English | United States | 0.5503355704697986
RTF_FILE | 0x2a7eec | 0xa1 | Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033 | English | United States | 0.906832298136646
RT_BITMAP | 0x2a7f90 | 0x13e | Device independent bitmap graphic, 32 x 16 x 4, image size 258, resolution 2834 x 2834 px/m, 5 important colors | English | United States | 0.25471698113207547
RT_BITMAP | 0x2a80d0 | 0x828 | Device independent bitmap graphic, 32 x 16 x 32, image size 0 | English | United States | 0.03017241379310345
RT_BITMAP | 0x2a88f8 | 0x48a8 | Device independent bitmap graphic, 290 x 16 x 32, image size 0 | English | United States | 0.11881720430107527
RT_BITMAP | 0x2ad1a0 | 0xa6a | Device independent bitmap graphic, 320 x 16 x 4, image size 2562, resolution 2834 x 2834 px/m | English | United States | 0.21680420105026257
RT_BITMAP | 0x2adc0c | 0x152 | Device independent bitmap graphic, 32 x 16 x 4, image size 258, resolution 2834 x 2834 px/m, 10 important colors | English | United States | 0.5295857988165681
RT_BITMAP | 0x2add60 | 0x828 | Device independent bitmap graphic, 32 x 16 x 32, image size 0 | English | United States | 0.4875478927203065
RT_ICON | 0x2ae588 | 0x7c5a | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9958534899792675
RT_ICON | 0x2b61e4 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 0 | English | United States | 0.142848692771797
RT_ICON | 0x2c6a0c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.29470954356846474
RT_ICON | 0x2c8fb4 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.3621013133208255
RT_ICON | 0x2ca05c | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | English | United States | 0.45819672131147543
RT_MENU | 0x2ca9e4 | 0x5c | data | English | United States | 0.8478260869565217
RT_MENU | 0x2caa40 | 0x2a | data | English | United States | 1.0714285714285714
RT_DIALOG | 0x2caa6c | 0xac | data | English | United States | 0.7151162790697675
RT_DIALOG | 0x2cab18 | 0x2a6 | data | English | United States | 0.5132743362831859
RT_DIALOG | 0x2cadc0 | 0x3b4 | data | English | United States | 0.43248945147679324
RT_DIALOG | 0x2cb174 | 0xbc | data | English | United States | 0.7180851063829787
RT_DIALOG | 0x2cb230 | 0x204 | data | English | United States | 0.560077519379845
RT_DIALOG | 0x2cb434 | 0x282 | data | English | United States | 0.48598130841121495
RT_DIALOG | 0x2cb6b8 | 0xcc | data | English | United States | 0.6911764705882353
RT_DIALOG | 0x2cb784 | 0x146 | data | English | United States | 0.5736196319018405
RT_DIALOG | 0x2cb8cc | 0x226 | data | English | United States | 0.4690909090909091
RT_DIALOG | 0x2cbaf4 | 0x388 | data | English | United States | 0.45464601769911506
RT_DIALOG | 0x2cbe7c | 0x1b4 | data | English | United States | 0.5458715596330275
RT_DIALOG | 0x2cc030 | 0x136 | data | English | United States | 0.6064516129032258
RT_DIALOG | 0x2cc168 | 0x4c | data | English | United States | 0.8289473684210527
RT_STRING | 0x2cc1b4 | 0x45c | data | English | United States | 0.3844086021505376
RT_STRING | 0x2cc610 | 0x344 | data | English | United States | 0.37320574162679426
RT_STRING | 0x2cc954 | 0x2f8 | data | English | United States | 0.4039473684210526
RT_STRING | 0x2ccc4c | 0x598 | data | English | United States | 0.2807262569832402
RT_STRING | 0x2cd1e4 | 0x3aa | StarOffice Gallery theme i, 1627418368 objects, 1st n | English | United States | 0.4211087420042644
RT_STRING | 0x2cd590 | 0x5c0 | data | English | United States | 0.3498641304347826
RT_STRING | 0x2cdb50 | 0x568 | data | English | United States | 0.32875722543352603
RT_STRING | 0x2ce0b8 | 0x164 | data | English | United States | 0.5421348314606742
RT_STRING | 0x2ce21c | 0x520 | data | English | United States | 0.39176829268292684
RT_STRING | 0x2ce73c | 0x1a0 | data | English | United States | 0.45913461538461536
RT_STRING | 0x2ce8dc | 0x18a | data | English | United States | 0.5228426395939086
RT_STRING | 0x2cea68 | 0x216 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | United States | 0.46254681647940077
RT_STRING | 0x2cec80 | 0x624 | data | English | United States | 0.3575063613231552
RT_STRING | 0x2cf2a4 | 0x660 | data | English | United States | 0.3474264705882353
RT_STRING | 0x2cf904 | 0x2e2 | data | English | United States | 0.4037940379403794
RT_GROUP_ICON | 0x2cfbe8 | 0x4c | data | English | United States | 0.7763157894736842
RT_VERSION | 0x2cfc34 | 0x2e4 | data | English | United States | 0.4581081081081081
RT_HTML | 0x2cff18 | 0x37c8 | ASCII text, with very long lines (443), with CRLF line terminators | English | United States | 0.08291316526610644
RT_HTML | 0x2d36e0 | 0x1316 | ASCII text, with CRLF line terminators | English | United States | 0.18399508800654932
RT_HTML | 0x2d49f8 | 0x4fa | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.3626373626373626
RT_HTML | 0x2d4ef4 | 0x6acd | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.10679931238798873
RT_HTML | 0x2db9c4 | 0x6a2 | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.3486454652532391
RT_HTML | 0x2dc068 | 0x104a | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.2170263788968825
RT_HTML | 0x2dd0b4 | 0x15b1 | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.17612101566720692
RT_HTML | 0x2de668 | 0x205c | exported SGML document, ASCII text, with very long lines (659), with CRLF line terminators | English | United States | 0.13604538870111058
RT_HTML | 0x2e06c4 | 0x368d | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.10834228428213391
RT_MANIFEST | 0x2e3d54 | 0x80f | XML 1.0 document, ASCII text, with CRLF, LF line terminators | English | United States | 0.40814348036839554
DLL | Import
KERNEL32.dll | CreateFileW, CloseHandle, WriteFile, DeleteFileW, HeapDestroy, HeapSize, HeapReAlloc, HeapFree, HeapAlloc, GetProcessHeap, SizeofResource, LockResource, LoadResource, FindResourceW, FindResourceExW, RemoveDirectoryW, GetTempPathW, GetTempFileNameW, CreateDirectoryW, MoveFileW, GetLastError, EnterCriticalSection, LeaveCriticalSection, GetModuleFileNameW, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, GetCurrentThreadId, RaiseException, SetLastError, GlobalUnlock, GlobalLock, GlobalAlloc, MulDiv, lstrcmpW, CreateEventW, FindClose, FindFirstFileW, GetFullPathNameW, SetEvent, InitializeCriticalSection, lstrcpynW, CreateThread, WaitForSingleObject, GetProcAddress, LoadLibraryExW, Sleep, GetDiskFreeSpaceExW, DecodePointer, GetExitCodeThread, GetCurrentProcessId, FreeLibrary, GetSystemDirectoryW, lstrlenW, VerifyVersionInfoW, VerSetConditionMask, lstrcmpiW, GetModuleHandleW, LoadLibraryW, GetDriveTypeW, CompareStringW, FindNextFileW, GetLogicalDriveStringsW, GetFileSize, GetFileAttributesW, GetShortPathNameW, SetFileAttributesW, GetFileTime, CopyFileW, ReadFile, SetFilePointer, SystemTimeToFileTime, MultiByteToWideChar, WideCharToMultiByte, GetCurrentProcess, GetSystemInfo, WaitForMultipleObjects, VirtualProtect, VirtualQuery, LoadLibraryExA, GetStringTypeW, SetUnhandledExceptionFilter, FormatMessageW, FileTimeToSystemTime, GetEnvironmentVariableW, GetEnvironmentStringsW, LocalFree, InitializeCriticalSectionEx, LoadLibraryA, GetModuleFileNameA, GetCurrentThread, GetConsoleOutputCP, FlushFileBuffers, SetConsoleTextAttribute, GetStdHandle, GetConsoleScreenBufferInfo, OutputDebugStringW, CreateProcessW, GetExitCodeProcess, GetTickCount, GetCommandLineW, SetCurrentDirectoryW, SetEndOfFile, EnumResourceLanguagesW, GetLocaleInfoW, GetSystemDefaultLangID, GetUserDefaultLangID, GetWindowsDirectoryW, GetSystemTime, GetDateFormatW, GetTimeFormatW, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, ResetEvent, GlobalFree, GetPrivateProfileStringW, GetPrivateProfileSectionNamesW, WritePrivateProfileStringW, GetLocalTime, CreateNamedPipeW, ConnectNamedPipe, Wow64DisableWow64FsRedirection, Wow64RevertWow64FsRedirection, IsWow64Process, TerminateThread, LocalAlloc, CompareFileTime, CopyFileExW, OpenEventW, PeekNamedPipe, QueryPerformanceCounter, QueryPerformanceFrequency, EncodePointer, LCMapStringEx, GetSystemTimeAsFileTime, CompareStringEx, GetCPInfo, IsDebuggerPresent, InitializeSListHead, InterlockedPopEntrySList, InterlockedPushEntrySList, FlushInstructionCache, IsProcessorFeaturePresent, VirtualAlloc, VirtualFree, WaitForSingleObjectEx, UnhandledExceptionFilter, TerminateProcess, GetStartupInfoW, RtlUnwind, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, ExitProcess, GetModuleHandleExW, GetFileType, GetTimeZoneInformation, LCMapStringW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetConsoleMode, IsValidCodePage, GetACP, GetOEMCP, GetFileSizeEx, SetFilePointerEx, FindFirstFileExW, GetCommandLineA, FreeEnvironmentStringsW, SetEnvironmentVariableW, SetStdHandle, ReadConsoleW, WriteConsoleW
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-13T10:11:27.179124+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 20.109.210.53 | 443 | 192.168.2.4 | 49730 | TCP
2024-11-13T10:12:06.538271+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 20.109.210.53 | 443 | 192.168.2.4 | 49763 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 13, 2024 10:11:43.999564886 CET | 49736 | 443 | 192.168.2.4 | 104.20.3.235
Nov 13, 2024 10:11:43.999618053 CET | 443 | 49736 | 104.20.3.235 | 192.168.2.4
Nov 13, 2024 10:11:43.999736071 CET | 49736 | 443 | 192.168.2.4 | 104.20.3.235
Nov 13, 2024 10:11:44.015309095 CET | 49736 | 443 | 192.168.2.4 | 104.20.3.235
Nov 13, 2024 10:11:44.015333891 CET | 443 | 49736 | 104.20.3.235 | 192.168.2.4
Nov 13, 2024 10:11:44.631611109 CET | 443 | 49736 | 104.20.3.235 | 192.168.2.4
Nov 13, 2024 10:11:44.631886005 CET | 49736 | 443 | 192.168.2.4 | 104.20.3.235
Nov 13, 2024 10:11:44.653484106 CET | 49736 | 443 | 192.168.2.4 | 104.20.3.235
Nov 13, 2024 10:11:44.653517008 CET | 443 | 49736 | 104.20.3.235 | 192.168.2.4
Nov 13, 2024 10:11:44.653887987 CET | 49736 | 443 | 192.168.2.4 | 104.20.3.235
Nov 13, 2024 10:11:44.654133081 CET | 443 | 49736 | 104.20.3.235 | 192.168.2.4
Nov 13, 2024 10:11:44.654222012 CET | 49736 | 443 | 192.168.2.4 | 104.20.3.235
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 13, 2024 10:11:43.989629030 CET | 54902 | 53 | 192.168.2.4 | 1.1.1.1
Nov 13, 2024 10:11:43.997488022 CET | 53 | 54902 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 13, 2024 10:11:43.989629030 CET | 192.168.2.4 | 1.1.1.1 | 0xa7bf | Standard query (0) | pastebin.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 13, 2024 10:11:43.997488022 CET | 1.1.1.1 | 192.168.2.4 | 0xa7bf | No error (0) | pastebin.com | | 104.20.3.235 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 10:11:43.997488022 CET | 1.1.1.1 | 192.168.2.4 | 0xa7bf | No error (0) | pastebin.com | | 104.20.4.235 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 10:11:43.997488022 CET | 1.1.1.1 | 192.168.2.4 | 0xa7bf | No error (0) | pastebin.com | | 172.67.19.24 | A (IP address) | IN (0x0001) | false


                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                Start time:04:11:07
                                                                                                                                                                                                Start date:13/11/2024
                                                                                                                                                                                                Path:C:\Users\user\Desktop\AYoF5MX6wK.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\AYoF5MX6wK.exe"
                                                                                                                                                                                                Imagebase:0xae0000
                                                                                                                                                                                                File size:49'198'887 bytes
                                                                                                                                                                                                MD5 hash:5DF362988683370BCCA17FBAF194632A
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:1
                                                                                                                                                                                                Start time:04:11:11
                                                                                                                                                                                                Start date:13/11/2024
                                                                                                                                                                                                Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                                                                                Imagebase:0x7ff697370000
                                                                                                                                                                                                File size:69'632 bytes
                                                                                                                                                                                                MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                Target ID:2
                                                                                                                                                                                                Start time:04:11:12
                                                                                                                                                                                                Start date:13/11/2024
                                                                                                                                                                                                Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 4A09D0C8A03EE2C01F2A2C2083C77C40 C
                                                                                                                                                                                                Imagebase:0xe10000
                                                                                                                                                                                                File size:59'904 bytes
                                                                                                                                                                                                MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:3
                                                                                                                                                                                                Start time:04:11:13
                                                                                                                                                                                                Start date:13/11/2024
                                                                                                                                                                                                Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:"C:\Windows\system32\msiexec.exe" /i "C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\Installer.msi" AI_SETUPEXEPATH=C:\Users\user\Desktop\AYoF5MX6wK.exe SETUPEXEDIR=C:\Users\user\Desktop\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1731488893 " AI_EUIMSI=""
                                                                                                                                                                                                Imagebase:0xe10000
                                                                                                                                                                                                File size:59'904 bytes
                                                                                                                                                                                                MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:4
                                                                                                                                                                                                Start time:04:11:13
                                                                                                                                                                                                Start date:13/11/2024
                                                                                                                                                                                                Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding A5A3283E70335C9FCC40AE3FEC98782E
                                                                                                                                                                                                Imagebase:0xe10000
                                                                                                                                                                                                File size:59'904 bytes
                                                                                                                                                                                                MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:8
                                                                                                                                                                                                Start time:04:11:38
                                                                                                                                                                                                Start date:13/11/2024
                                                                                                                                                                                                Path:C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\run-file.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\run-file.exe"
                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                File size:80'968 bytes
                                                                                                                                                                                                MD5 hash:C9C4AC12004CC6B946CB7D49B5EB5EE5
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                Target ID:9
                                                                                                                                                                                                Start time:04:11:38
                                                                                                                                                                                                Start date:13/11/2024
                                                                                                                                                                                                Path:C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe
                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\asm-all.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;lib\jphp-xml-ext.jar;lib\jphp-zend-ext.jar;lib\jphp-zip-ext.jar;lib\slf4j-api.jar;lib\slf4j-simple.jar;lib\zt-zip.jar" org.develnext.jphp.ext.javafx.FXLauncher
                                                                                                                                                                                                Imagebase:0x790000
                                                                                                                                                                                                File size:191'552 bytes
                                                                                                                                                                                                MD5 hash:48C96771106DBDD5D42BBA3772E4B414
                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                • Detection: 0%, ReversingLabs
                                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                  Execution Coverage:23.2%
                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                  Signature Coverage:23.8%
                                                                                                                                                                                                  Total number of Nodes:686
                                                                                                                                                                                                  Total number of Limit Nodes:13
1668->1658 1670 4066af memset 1669->1670 1671 403790 16 API calls 1670->1671 1672 4066d6 1671->1672 1673 403100 27 API calls 1672->1673 1674 4066fa 1673->1674 1675 405390 85 API calls 1674->1675 1676 406706 1675->1676 1677 405b60 14 API calls 1676->1677 1678 406711 1677->1678 1678->1638 1679 406724 fprintf 1678->1679 1679->1638 1680 406747 fprintf 1679->1680 1680->1638 1681 40676b strlen fprintf 1680->1681 1681->1596 1683 40227d SetLastError 1682->1683 1684 4021ed LoadResource 1682->1684 1683->1545 1685 402260 1684->1685 1686 402206 LockResource 1684->1686 1685->1545 1686->1685 1687 402217 1686->1687 1687->1685 1688 40223f fprintf 1687->1688 1688->1685 1690 406c70 1689->1690 1691 406870 6 API calls 1690->1691 1692 406970 1691->1692 1693 40694d 1691->1693 1692->1583 1694 406983 WaitForSingleObject GetExitCodeProcess CloseHandle CloseHandle 1693->1694 1695 406954 1693->1695 1694->1695 1695->1583 1697 402058 fprintf 1696->1697 1698 401eeb 1696->1698 1700 402077 fprintf 1697->1700 1699 401fd0 FormatMessageA 1698->1699 1701 401fa0 MessageBoxA 1698->1701 1702 401f01 1698->1702 1703 402013 strlen strcat LocalFree 1699->1703 1704 402096 fprintf 1699->1704 1700->1704 1701->1699 1707 401f16 1701->1707 1705 401f70 printf 1702->1705 1706 401f0a puts 1702->1706 1703->1546 1704->1703 1705->1707 1706->1707 1707->1700 1708 401f62 1707->1708 1709 401f2c ShellExecuteA 1707->1709 1710 401f90 fclose 1708->1710 1711 401f6b 1708->1711 1709->1708 1710->1546 1711->1546 1712->1561 1714 401c21 fclose 1713->1714 1715 401c1f 1713->1715 1714->1546 1715->1546 1717 40215b SetLastError 1716->1717 1718 4020fb LoadResource 1716->1718 1719 402170 1717->1719 1718->1719 1720 402114 LockResource 1718->1720 1719->1567 1720->1719 1721 402125 1720->1721 1722 40214f 1721->1722 1723 402179 fprintf 1721->1723 1722->1567 1723->1722 1724->1576 1726 406c76 1725->1726 1882 402e50 1883 402e70 1882->1883 1884 402ea1 1882->1884 1885 402cb0 45 API calls 1883->1885 1886 402cb0 45 API calls 1884->1886 1887 402e81 
1885->1887 1886->1887 1888 401dd0 GetModuleHandleA GetProcAddress 1889 401e00 GetCurrentProcess 1888->1889 1891 401e13 1888->1891 1889->1891 1890 401e48 1891->1890 1892 401e33 fprintf 1891->1892 1892->1890 1893 4030d0 strcat strlen 1894 4012d0 memset 1895 4020c0 5 API calls 1894->1895 1896 401309 1895->1896 1897 401311 FindWindowExA 1896->1897 1898 40138d 1896->1898 1897->1898 1899 401338 1897->1899 1900 401340 GetWindowTextA strstr 1899->1900 1901 401397 1900->1901 1902 401368 FindWindowExA 1900->1902 1902->1898 1902->1900 1903 4050d0 1904 406c70 1903->1904 1905 4050e0 6 API calls 1904->1905 1906 4051a0 strlen strcat SetEnvironmentVariableA 1905->1906 1907 40516e 1905->1907 1906->1907 1910 4051d6 1906->1910 1908 405183 fprintf 1907->1908 1909 405177 1907->1909 1908->1909 2193 405010 2194 406c70 2193->2194 2195 40501d memset GetEnvironmentVariableA strlen 2194->2195 2196 405086 strlen strcat SetEnvironmentVariableA 2195->2196 2197 405077 2195->2197 1911 403659 1912 403660 1911->1912 1913 40366a fprintf 1912->1913 1914 40360d strcat strlen _itoa strlen 1912->1914 1913->1914 1915 403651 1914->1915 1916 401959 1917 401960 GetWindowThreadProcessId 1916->1917 1918 401993 GetWindowLongA 1917->1918 1919 401987 1917->1919 1918->1919 1920 4019ae ShowWindow 1918->1920 1920->1919 1921 405cdc 1927 405c6c 1921->1927 1922 405c50 strcpy strstr 1923 405ca5 1922->1923 1922->1927 1924 405c40 1923->1924 1925 405cae strlen strcat 1923->1925 1925->1924 1926 405c70 strchr 1926->1927 1928 405c8b strstr 1926->1928 1927->1922 1927->1926 1927->1928 1928->1923 1928->1926 2198 40261c 2199 402620 2198->2199 2200 402660 strlen 2199->2200 2201 402633 strlen 2199->2201 2202 402675 strcat 2200->2202 2203 40266f 2200->2203 2204 402642 2201->2204 2205 402648 strcat 2201->2205 2203->2202 2204->2205 2206 406a9c 2207 406aa0 GetModuleHandleA 2206->2207 2209 406b00 2207->2209 2210 4013b0 424 API calls 2209->2210 2211 406b1a 2210->2211 1929 4052de 1930 4052e0 SetEnvironmentVariableA 1929->1930 1931 4052ff 
strtok 1930->1931 1932 405364 1931->1932 1933 40530a strchr 1931->1933 1937 403100 1933->1937 1936 405346 fprintf 1936->1930 1938 406c70 1937->1938 1939 403110 memset memset 1938->1939 1940 4032e0 1939->1940 1941 40315f 1939->1941 1940->1930 1940->1936 1941->1940 1942 403160 strchr 1941->1942 1947 403335 strcat 1941->1947 1948 403350 GetCurrentDirectoryA 1941->1948 1949 4032f0 fprintf 1941->1949 1950 403377 strcat 1941->1950 1951 40326c strstr 1941->1951 1953 4023b0 11 API calls 1941->1953 1943 40317b strchr 1942->1943 1944 4033cc strcat 1942->1944 1943->1940 1945 40319d strncat strncat strlen 1943->1945 1944->1940 1945->1941 1946 403317 strncat 1945->1946 1946->1941 1947->1941 1947->1948 1948->1941 1949->1941 1950->1941 1951->1941 1952 403291 GetEnvironmentVariableA 1951->1952 1952->1941 1954 4033b2 strcat 1952->1954 1953->1941 1954->1941 1955 402ede 1956 402ee0 1955->1956 1957 402ff0 1956->1957 1958 402ef7 1956->1958 1959 402cb0 45 API calls 1957->1959 1960 402cb0 45 API calls 1958->1960 1962 403005 1959->1962 1961 402f0c 1960->1961 1963 402f26 1961->1963 1964 402cb0 45 API calls 1961->1964 1962->1963 1966 402cb0 45 API calls 1962->1966 1965 402f90 strcpy 1963->1965 1967 402f43 1963->1967 1968 403027 1963->1968 1964->1963 1969 402fad fprintf 1965->1969 1970 402fde 1965->1970 1966->1963 1971 402cb0 45 API calls 1967->1971 1972 402cb0 45 API calls 1968->1972 1969->1970 1974 402f58 1971->1974 1975 40303c 1972->1975 1977 402cb0 45 API calls 1974->1977 1978 402f76 1974->1978 1976 402cb0 45 API calls 1975->1976 1975->1978 1976->1978 1977->1978 1978->1965 1978->1970 1979 401e60 1980 401ea0 MessageBoxA 1979->1980 1982 401e73 printf 1979->1982 1983 401960 GetWindowThreadProcessId 1984 401993 GetWindowLongA 1983->1984 1985 401987 1983->1985 1984->1985 1986 4019ae ShowWindow 1984->1986 1986->1985 1987 4019e0 1988 401a20 GetExitCodeProcess 1987->1988 1989 4019ef 1987->1989 1990 401a73 1988->1990 1991 401a46 KillTimer PostQuitMessage 1988->1991 1992 401a90 ShowWindow 
1989->1992 1993 4019fc 1989->1993 1990->1991 1996 401a6f 1990->1996 1991->1996 1992->1988 1997 401abd 1992->1997 1994 401b00 EnumWindows 1993->1994 1995 401a12 1993->1995 1994->1988 1995->1988 1997->1988 1998 401acb KillTimer 1997->1998 1999 401ed0 13 API calls 1998->1999 2000 401ae7 PostQuitMessage 1999->2000 2000->1988 2001 402ee0 2002 402ff0 2001->2002 2003 402ef7 2001->2003 2004 402cb0 45 API calls 2002->2004 2005 402cb0 45 API calls 2003->2005 2007 403005 2004->2007 2006 402f0c 2005->2006 2008 402f26 2006->2008 2009 402cb0 45 API calls 2006->2009 2007->2008 2011 402cb0 45 API calls 2007->2011 2010 402f90 strcpy 2008->2010 2012 402f43 2008->2012 2013 403027 2008->2013 2009->2008 2014 402fad fprintf 2010->2014 2015 402fde 2010->2015 2011->2008 2016 402cb0 45 API calls 2012->2016 2017 402cb0 45 API calls 2013->2017 2014->2015 2019 402f58 2016->2019 2020 40303c 2017->2020 2022 402cb0 45 API calls 2019->2022 2023 402f76 2019->2023 2021 402cb0 45 API calls 2020->2021 2020->2023 2021->2023 2022->2023 2023->2010 2023->2015 2024 4025e0 strlen 2025 402601 2024->2025 2212 402620 2213 402660 strlen 2212->2213 2214 402633 strlen 2212->2214 2215 402675 strcat 2213->2215 2216 40266f 2213->2216 2217 402642 2214->2217 2218 402648 strcat 2214->2218 2216->2215 2217->2218 2219 401b20 GetModuleHandleA 2220 401b40 2219->2220 2026 404069 2027 404070 FindResourceExA 2026->2027 2028 4040b4 LoadResource 2027->2028 2029 40426c SetLastError 2027->2029 2030 404110 atoi 2028->2030 2031 4040cd LockResource 2028->2031 2032 404284 fprintf 2029->2032 2033 404126 2030->2033 2034 404208 2030->2034 2031->2030 2038 4040de 2031->2038 2032->2030 2035 402cb0 45 API calls 2033->2035 2036 402cb0 45 API calls 2034->2036 2039 40413b 2035->2039 2036->2039 2037 404155 2040 4041a5 strcpy 2037->2040 2042 404168 2037->2042 2043 40423a 2037->2043 2038->2030 2038->2032 2041 404103 2038->2041 2039->2037 2046 402cb0 45 API calls 2039->2046 2044 4041c3 fprintf 2040->2044 2045 4041f4 2040->2045 2041->2030 2047 
402cb0 45 API calls 2042->2047 2048 402cb0 45 API calls 2043->2048 2044->2045 2046->2037 2051 40417d 2047->2051 2048->2051 2050 404197 2050->2040 2052 40405a 2050->2052 2051->2050 2053 402cb0 45 API calls 2051->2053 2053->2050 2054 401269 2055 401270 __set_app_type 2054->2055 2056 401150 436 API calls 2055->2056 2057 401288 2056->2057 2058 4013e9 2059 4013f0 2058->2059 2060 4021a0 5 API calls 2059->2060 2061 4013fc 2060->2061 2062 401402 strstr 2061->2062 2063 40141b 2061->2063 2062->2063 2064 4021a0 5 API calls 2063->2064 2065 40142f 2064->2065 2066 40143c 2065->2066 2067 4021a0 5 API calls 2065->2067 2068 401458 CreateWindowExA 2066->2068 2080 4014cc 2066->2080 2069 4015f5 2067->2069 2070 401616 2068->2070 2068->2080 2069->2066 2071 4015fd strstr 2069->2071 2072 4020c0 5 API calls 2070->2072 2071->2066 2071->2070 2075 401642 2072->2075 2073 4014d6 SetTimer 2076 4013d5 2073->2076 2073->2080 2074 4017ee 2082 401837 fwrite 2074->2082 2083 4017fc 2074->2083 2078 401646 atoi 2075->2078 2079 40165d 2075->2079 2081 401ed0 13 API calls 2076->2081 2077 406860 10 API calls 2077->2080 2078->2079 2084 4021a0 5 API calls 2079->2084 2080->2073 2080->2074 2080->2076 2080->2077 2090 40155d GetMessageA 2080->2090 2097 40159b fprintf 2080->2097 2098 4015cc 2080->2098 2103 406830 CloseHandle CloseHandle 2080->2103 2102 4013da 2081->2102 2082->2083 2104 406830 CloseHandle CloseHandle 2083->2104 2086 401686 2084->2086 2088 4016a3 2086->2088 2089 40168a strstr 2086->2089 2087 401801 2091 401c10 fclose 2087->2091 2092 4021a0 5 API calls 2088->2092 2089->2088 2090->2080 2093 401547 TranslateMessage DispatchMessageA 2090->2093 2091->2102 2094 4016b9 LoadImageA 2092->2094 2093->2090 2094->2076 2096 4016f4 7 API calls 2094->2096 2096->2080 2097->2080 2099 401817 fprintf 2098->2099 2100 4015da 2098->2100 2099->2082 2101 401c10 fclose 2100->2101 2101->2102 2103->2080 2104->2087 2221 402829 2222 402830 memset RegQueryValueExA 2221->2222 2223 4028ed RegCloseKey 2222->2223 2225 402894 
2222->2225 2224 402906 strcpy 2223->2224 2226 402814 2223->2226 2224->2226 2225->2225 2227 4028e3 2225->2227 2228 4028bd strlen 2225->2228 2229 402690 8 API calls 2227->2229 2230 4028d2 strcat 2228->2230 2231 4028cc 2228->2231 2232 4028eb 2229->2232 2230->2227 2231->2230 2232->2223 2105 402bec 2106 402bf0 fprintf 2105->2106 2107 401270 __set_app_type 2108 401150 436 API calls 2107->2108 2109 401288 2108->2109 2233 4022b0 FindResourceExA 2234 4022fd LoadResource 2233->2234 2235 40237f SetLastError atoi 2233->2235 2236 402370 atoi 2234->2236 2237 402316 LockResource 2234->2237 2237->2236 2238 402327 2237->2238 2238->2236 2239 40234f fprintf 2238->2239 2239->2236 2110 403071 2111 403080 GetModuleFileNameA 2110->2111 2112 4030b0 strrchr 2111->2112 2113 4030c5 2111->2113 2112->2113 2114 4039f1 2115 403a00 memset FindResourceExA 2114->2115 2116 403b38 SetLastError 2115->2116 2117 403a5a LoadResource 2115->2117 2118 403ad0 2116->2118 2119 403ad9 2116->2119 2117->2118 2120 403a72 LockResource 2117->2120 2118->2119 2121 403ae3 CreateMutexA GetLastError 2118->2121 2120->2118 2125 403a83 2120->2125 2121->2119 2122 403b28 2121->2122 2123 403b31 2122->2123 2124 403b59 fprintf 2122->2124 2124->2123 2125->2118 2126 403aaf fprintf 2125->2126 2126->2118 2240 402531 2241 402540 strchr 2240->2241 2242 40257d 2241->2242 2243 40256d strlen 2241->2243 2244 402597 strncpy strlen 2242->2244 2243->2242 2243->2244 2127 403b77 memset memset GetCurrentDirectoryA FindResourceExA 2128 403c10 LoadResource 2127->2128 2129 403cd7 SetLastError 2127->2129 2130 403cd0 2128->2130 2131 403c2d LockResource 2128->2131 2131->2130 2133 403c42 2131->2133 2132 403c73 strncpy strlen 2135 403c98 2132->2135 2136 403c9e strcat _chdir 2132->2136 2133->2132 2134 403cf4 fprintf 2133->2134 2134->2132 2135->2136 2136->2130 2137 403cbb fprintf 2136->2137 2137->2130 2138 401afc 2139 401b00 EnumWindows 2138->2139 2140 401a20 GetExitCodeProcess 2139->2140 2141 401a73 2140->2141 2142 401a46 KillTimer PostQuitMessage 
2140->2142 2141->2142 2143 401a6f 2141->2143 2142->2143 2144 40397e 2145 403900 2144->2145 2146 403968 _close 2145->2146 2147 403957 strlen 2145->2147 2148 403976 2146->2148 2147->2146

                                                                                                                                                                                                  Callgraph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  • Opacity -> Relevance
                                                                                                                                                                                                  • Disassembly available

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2049677463.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049652941.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049708533.0000000000409000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049729404.000000000040A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049729404.0000000000412000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049788256.0000000000414000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_run-file.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ModuleResource$Handle$AddressCurrentFileFindLoadLockNameProcProcessfprintfmemsetstrrchr
                                                                                                                                                                                                  • String ID: -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\asm-all.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;lib\$-Xms$-Xmx$An error occurred while starting the application.$Args length:%d/32768 chars$C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe$C:\Windows\system32$Error:%s$Instance already exists.$IsWow64Process$Laun$Launcher args:%s$Launcher:%s$Resource %d:%s$Startup error message not defined.$WOW64:%s$Working dir:%s$\bin$appendToPathVar failed.$bin\java.exe$bin\javaw.exe$ch4j$yes
                                                                                                                                                                                                  • API String ID: 919401838-1666979126
                                                                                                                                                                                                  • Opcode ID: e98f0b280fdfade851ebe13318b98efc7c14c0c3f0ba294e535c625494688a31
                                                                                                                                                                                                  • Instruction ID: bf9eff1d8a15de45e5a137a0cf06cc9be9fda6a92e4b939ea636d94b2118cc52
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e98f0b280fdfade851ebe13318b98efc7c14c0c3f0ba294e535c625494688a31
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6A521EB09087018BD714EF29D58025EBBE1EF84344F15C87FE889AB391DB7C89658F4A

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2049677463.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000008.00000002.2049652941.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049708533.0000000000409000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049729404.000000000040A000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049729404.0000000000412000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049788256.0000000000414000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_run-file.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Resource$FindLoadLock$fprintf$ErrorLaststrchrstrcpystrlen
                                                                                                                                                                                                  • String ID: 1.8.0$1.8.0$C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre$C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe$Resource %d:%s$Runtime used:%s (%s-bit)$true
                                                                                                                                                                                                  • API String ID: 1095060389-1055979997
                                                                                                                                                                                                  • Opcode ID: 1e1ebbd2596e796659a365ff710677ee0d78a079d6b67fc0678fadb0c843e369
                                                                                                                                                                                                  • Instruction ID: 877def55760d6699fa8b0a675f498fd38e355f95ffd6f34839a3e279e3ce58b8
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1e1ebbd2596e796659a365ff710677ee0d78a079d6b67fc0678fadb0c843e369
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 70225DB4A083019BD700AF65D64435FBBE1AB84344F01C87FE989AB3C2D77C9955DB8A

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00405D30: GetModuleHandleA.KERNEL32(?,004013C7), ref: 00405D4D
                                                                                                                                                                                                  • strstr.MSVCRT ref: 0040140E
                                                                                                                                                                                                  • CreateWindowExA.USER32 ref: 004014B1
                                                                                                                                                                                                  • SetTimer.USER32 ref: 004014FA
                                                                                                                                                                                                  • GetMessageA.USER32 ref: 00401572
                                                                                                                                                                                                    • Part of subcall function 00401ED0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,004013DA), ref: 00401ED7
                                                                                                                                                                                                    • Part of subcall function 00401ED0: puts.MSVCRT ref: 00401F11
                                                                                                                                                                                                    • Part of subcall function 00401ED0: ShellExecuteA.SHELL32 ref: 00401F5A
                                                                                                                                                                                                  • memset.MSVCRT ref: 00401873
                                                                                                                                                                                                  • ShowWindow.USER32 ref: 0040189A
                                                                                                                                                                                                  • SetForegroundWindow.USER32 ref: 004018A5
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2049677463.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000008.00000002.2049652941.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049708533.0000000000409000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049729404.000000000040A000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049729404.0000000000412000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049788256.0000000000414000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_run-file.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Window$CreateErrorExecuteForegroundHandleLastMessageModuleShellShowTimermemsetputsstrstr
                                                                                                                                                                                                  • String ID: --l4j-dont-wait$--l4j-no-splash$--l4j-no-splash-err$Exit code:%d$Exit code:%d, restarting the application!$STATIC
                                                                                                                                                                                                  • API String ID: 2862500452-2488410787
                                                                                                                                                                                                  • Opcode ID: ef69a45fb9a8d98a3e7d4beaa163ba7c94590803dc5b94dc991fefc783aab643
                                                                                                                                                                                                  • Instruction ID: 24b147bc9a002fea4a62b88368d981a48f0c15b8e85cb8378e8374e035e88a4e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ef69a45fb9a8d98a3e7d4beaa163ba7c94590803dc5b94dc991fefc783aab643
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CBE14CB19083018BD714EF3AD54131BBAE5AF84344F01C93FE989A73A1DB78D8519B8B

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2049677463.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000008.00000002.2049652941.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049708533.0000000000409000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049729404.000000000040A000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049729404.0000000000412000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049788256.0000000000414000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_run-file.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _setmode$ExceptionExitFilterProcessUnhandled__getmainargs__p__environ__p__fmode_cexit
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3695137517-0
                                                                                                                                                                                                  • Opcode ID: 60854d5bb89194ddad18fca627b3fed1a2910dcd429b76d8ba96fdf7a2bac1dc
                                                                                                                                                                                                  • Instruction ID: 9b036dcc62e5206002a8964a93b809c6819fe7ae1a2a78e05521c6610f765c41
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 60854d5bb89194ddad18fca627b3fed1a2910dcd429b76d8ba96fdf7a2bac1dc
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 34212AB4A053048FC704FF65D58161ABBF5BF88344F01C93EE895A73A6DB389850CB5A

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2049677463.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000008.00000002.2049652941.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049708533.0000000000409000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049729404.000000000040A000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049729404.0000000000412000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049788256.0000000000414000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_run-file.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Resource$strlen$strcat$ErrorFindLastLoadLockfprintfmemset$_findnextstrpbrkstrtok$_findclose_findfirstfwritestrcpystrncatstrncpystrrchr
                                                                                                                                                                                                  • String ID: " :%s$-Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\asm-all.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;lib\$-cla$-jar$-jar$Add classpath:%s$Resource %d:%s$org.develnext.jphp.ext.javafx.FXLauncher$sspa$th "$true
                                                                                                                                                                                                  • API String ID: 689643918-4039676490
                                                                                                                                                                                                  • Opcode ID: f3cc387d6fe282e7dd2616dd62daa608cb237d8618ec9fd67493d2c34684ebff
                                                                                                                                                                                                  • Instruction ID: 45e07854ae54010095be9281c7dcb4a820f195fbc1c947dc7b9175b2af9540e9
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f3cc387d6fe282e7dd2616dd62daa608cb237d8618ec9fd67493d2c34684ebff
                                                                                                                                                                                                  • Instruction Fuzzy Hash: AE1261B09087018BD710AF29C54065BBBE5EF94304F0589BFE8C9AB391D77D8995CF8A

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • memset.MSVCRT ref: 00403D50
                                                                                                                                                                                                  • FindResourceExA.KERNEL32(00000003,00412360,?), ref: 00403D73
                                                                                                                                                                                                  • LoadResource.KERNEL32(?,?,?,00404A72), ref: 00403D90
                                                                                                                                                                                                  • LockResource.KERNEL32(?,?,?,?,?,00404A72), ref: 00403DA3
                                                                                                                                                                                                  • memset.MSVCRT ref: 00403DFB
                                                                                                                                                                                                  • strcpy.MSVCRT ref: 00403E45
                                                                                                                                                                                                  • strcpy.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,00404A72), ref: 00403E7F
                                                                                                                                                                                                  • SetLastError.KERNEL32(?,?,?,00404A72), ref: 00403E98
                                                                                                                                                                                                  • FindResourceExA.KERNEL32 ref: 00403EF1
                                                                                                                                                                                                  • LoadResource.KERNEL32(?,?,?,?,?,?,?,?,?,?,00404A72), ref: 00403F0E
                                                                                                                                                                                                  • LockResource.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00404A72), ref: 00403F1D
                                                                                                                                                                                                  • strncpy.MSVCRT ref: 00403F89
                                                                                                                                                                                                  • strlen.MSVCRT ref: 00403F95
                                                                                                                                                                                                  • strcat.MSVCRT ref: 00403FBA
                                                                                                                                                                                                  • fprintf.MSVCRT ref: 00403FD4
                                                                                                                                                                                                  • fprintf.MSVCRT ref: 00403FF7
                                                                                                                                                                                                  • SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00404A72), ref: 00404008
                                                                                                                                                                                                  • fprintf.MSVCRT ref: 00404035
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2049677463.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000008.00000002.2049652941.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049708533.0000000000409000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049729404.000000000040A000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049729404.0000000000412000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049788256.0000000000414000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_run-file.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Resource$fprintf$ErrorFindLastLoadLockmemsetstrcpy$strcatstrlenstrncpy
                                                                                                                                                                                                  • String ID: :$Bundled JRE:%s$C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre$C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe$Resource %d:%s$\$true
                                                                                                                                                                                                  • API String ID: 1825146110-35884959
                                                                                                                                                                                                  • Opcode ID: b93b39cbe82f5e2f208a7984e44e89cdccab112937a32fab5cc704911dd864f8
                                                                                                                                                                                                  • Instruction ID: a351f2335a7c1ffd526f9bc51b8a145b2b5fd6ff43207c8f2e401759d570546c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b93b39cbe82f5e2f208a7984e44e89cdccab112937a32fab5cc704911dd864f8
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 178160B09083019BD710AF29D54035ABFE9EF84344F05C87FE989AB3D1DB7C99558B8A

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2049677463.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000008.00000002.2049652941.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049708533.0000000000409000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049729404.000000000040A000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049729404.0000000000412000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049788256.0000000000414000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_run-file.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: strlen$Resource$ErrorFindLastLoadLock_close_open_readmemsetstrncpy
                                                                                                                                                                                                  • String ID: Loading:%s$Resource %d:%s$ini
                                                                                                                                                                                                  • API String ID: 3498103655-913749543
                                                                                                                                                                                                  • Opcode ID: 1aeefc6938f78fb95fdeba6918e8ca31fde1e41f92e779772340ee2ce77c709b
                                                                                                                                                                                                  • Instruction ID: ffe5270cda513766b45dd1113f6f5d5a6076afea4e1b231d249c2800047aef03
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1aeefc6938f78fb95fdeba6918e8ca31fde1e41f92e779772340ee2ce77c709b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4E6181B59083118BDB10AF29C58035EBFE5AF44344F05847FE9C9A7382D7789A51CB8A

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • memset.MSVCRT ref: 0040689C
                                                                                                                                                                                                  • memset.MSVCRT ref: 004068BD
                                                                                                                                                                                                  • strcat.MSVCRT ref: 004068DA
                                                                                                                                                                                                  • strlen.MSVCRT ref: 004068E2
                                                                                                                                                                                                  • strcat.MSVCRT ref: 004068FE
                                                                                                                                                                                                  • CreateProcessA.KERNEL32 ref: 00406941
                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,?,?,?,?,0040A01C,00000001,00000000,?,0040151F), ref: 00406994
                                                                                                                                                                                                  • GetExitCodeProcess.KERNEL32 ref: 004069AC
                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,0040A01C,00000001,00000000,?,0040151F), ref: 004069BD
                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,0040A01C,00000001,00000000,?,0040151F), ref: 004069CE
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • D, xrefs: 004068A1
                                                                                                                                                                                                  • -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\asm-all.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;lib\, xrefs: 004068F2
                                                                                                                                                                                                  • C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe, xrefs: 004068C7
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2049677463.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000008.00000002.2049652941.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049708533.0000000000409000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049729404.000000000040A000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049729404.0000000000412000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049788256.0000000000414000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_run-file.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CloseHandleProcessmemsetstrcat$CodeCreateExitObjectSingleWaitstrlen
                                                                                                                                                                                                  • String ID: -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\asm-all.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;lib\$C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe$D
                                                                                                                                                                                                  • API String ID: 196992964-920444297
                                                                                                                                                                                                  • Opcode ID: 925ee4bed1523179cba05dbda226f6a8605d2966789c7c8ca7956b0a3c785639
                                                                                                                                                                                                  • Instruction ID: c9cdd45e2a5c81e006214db6be6d40eb90bac674d27234413dd11b55ebfa4603
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 925ee4bed1523179cba05dbda226f6a8605d2966789c7c8ca7956b0a3c785639
                                                                                                                                                                                                  • Instruction Fuzzy Hash: EF4129B19083009BD700EF69D58064EFBF0FF84310F02897EE599AB391D7789965CB8A

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2049677463.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000008.00000002.2049652941.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049708533.0000000000409000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049729404.000000000040A000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049729404.0000000000412000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049788256.0000000000414000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_run-file.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: strlen$ErrorLast_statfprintfmemsetstrcatstrcpy
                                                                                                                                                                                                  • String ID: (OK)$(not found)$Check launcher:%s %s$bin\java.exe$bin\javaw.exe
                                                                                                                                                                                                  • API String ID: 1479257852-1030199565

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 485 4013e9-401400 call 4021a0 489 401402-401415 strstr 485->489 490 40141b-401436 call 4021a0 485->490 489->490 491 40180d-401812 489->491 494 4015e9-4015f7 call 4021a0 490->494 495 40143c 490->495 491->490 497 401441-40144e 494->497 504 4015fd-401610 strstr 494->504 495->497 498 401450-401452 497->498 499 401458-4014c6 CreateWindowExA 497->499 498->499 501 4017e6-4017e8 498->501 502 40161b-401644 call 4020c0 499->502 503 4014cc-4014d4 499->503 506 4014d6-401504 SetTimer 501->506 509 4017ee 501->509 514 401646-401657 atoi 502->514 515 401668-401688 call 4021a0 502->515 503->506 507 40150a-401521 call 406860 503->507 504->497 508 401616 504->508 506->507 511 4013d5-4013da call 401ed0 506->511 507->511 523 401527-40152f 507->523 508->502 513 4017f3-4017fa 509->513 529 4013df-4013e6 511->529 518 401837-401859 fwrite 513->518 519 4017fc-401808 call 406830 call 401c10 513->519 520 40165d-401662 514->520 521 40193f-401944 514->521 531 4016a3-4016ee call 4021a0 LoadImageA 515->531 532 40168a-40169d strstr 515->532 518->519 519->529 520->515 521->515 527 401531-401539 523->527 528 40153f-401545 523->528 527->513 527->528 533 40155d-40157c GetMessageA 528->533 531->511 544 4016f4-4017de SendMessageA GetWindowRect GetSystemMetrics * 2 SetWindowPos ShowWindow UpdateWindow 531->544 532->531 535 401949-40194e 532->535 537 401547-40155a TranslateMessage DispatchMessageA 533->537 538 40157e-401586 533->538 535->531 537->533 541 4015b0-4015bc call 406830 538->541 542 401588-40158f 538->542 549 4015cc-4015d4 541->549 550 4015be-4015c6 541->550 542->541 545 401591-401599 542->545 547 4017e1 544->547 545->541 548 40159b-4015ab fprintf 545->548 547->501 548->541 551 401817-40182d fprintf 549->551 552 4015da-4015e4 call 401c10 549->552 550->547 550->549 551->518 552->529
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 004021A0: FindResourceExA.KERNEL32 ref: 004021DD
                                                                                                                                                                                                    • Part of subcall function 004021A0: LoadResource.KERNEL32 ref: 004021FA
                                                                                                                                                                                                    • Part of subcall function 004021A0: LockResource.KERNEL32 ref: 00402209
                                                                                                                                                                                                    • Part of subcall function 004021A0: fprintf.MSVCRT ref: 00402253
                                                                                                                                                                                                  • strstr.MSVCRT ref: 0040140E
                                                                                                                                                                                                  • CreateWindowExA.USER32 ref: 004014B1
                                                                                                                                                                                                  • SetTimer.USER32 ref: 004014FA
                                                                                                                                                                                                  • TranslateMessage.USER32 ref: 0040154A
                                                                                                                                                                                                  • DispatchMessageA.USER32 ref: 00401555
                                                                                                                                                                                                  • GetMessageA.USER32 ref: 00401572
                                                                                                                                                                                                  • fprintf.MSVCRT ref: 004015AB
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2049677463.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: MessageResource$fprintf$CreateDispatchFindLoadLockTimerTranslateWindowstrstr
                                                                                                                                                                                                  • String ID: --l4j-no-splash$Exit code:%d, restarting the application!$STATIC
                                                                                                                                                                                                  • API String ID: 2241055113-1185063601

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2049677463.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _setmode$ExitProcess__p__environ__p__fmode_cexit
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2747451157-0

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 580 406a10-406a40 call 406c70 call 406c00 GetCommandLineA GetStartupInfoA 585 406a42 580->585 586 406a48-406a5b 580->586 587 406ae6-406afe GetModuleHandleA 585->587 588 406a47 586->588 589 406a5d-406a60 586->589 590 406b00 587->590 591 406b04-406b21 call 4013b0 587->591 588->586 592 406aa0-406ab3 589->592 593 406a62-406a72 589->593 590->591 592->592 597 406ab5-406ab8 592->597 595 406ac0-406acc 593->595 596 406a74-406a7a 593->596 602 406ae0-406ae4 595->602 599 406a80-406a82 596->599 600 406b22-406b26 597->600 601 406aba 597->601 599->595 604 406a84-406a98 599->604 600->595 601->595 602->587 603 406ad0-406add 602->603 603->602 604->599 605 406a9a 604->605 605->595
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2049677463.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CommandHandleInfoLineModuleStartup
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1628297973-0

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 606 406a9c 607 406aa0-406ab3 606->607 607->607 608 406ab5-406ab8 607->608 609 406b22-406b26 608->609 610 406aba 608->610 611 406ac0-406acc 609->611 610->611 612 406ae0-406ae4 611->612 613 406ad0-406add 612->613 614 406ae6-406afe GetModuleHandleA 612->614 613->612 615 406b00 614->615 616 406b04-406b21 call 4013b0 614->616 615->616
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2049677463.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: HandleModule
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 4139908857-0

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                  control_flow_graph 619 406ace 620 406ad0-406ae4 619->620 622 406ae6-406afe GetModuleHandleA 620->622 623 406b00 622->623 624 406b04-406b21 call 4013b0 622->624 623->624
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2049677463.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: HandleModule
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 4139908857-0
                                                                                                                                                                                                  • Opcode ID: acdd093e482f5bde7bba130dde77f32350e70ae8059faee5c55a3686f59b36ed
                                                                                                                                                                                                  • Instruction ID: 3ce4b8eff68f737e1e19327138148219799e312e833f16ad5da121a4cd60d1db
                                                                                                                                                                                                  • Opcode Fuzzy Hash: acdd093e482f5bde7bba130dde77f32350e70ae8059faee5c55a3686f59b36ed
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1DF0A0B6A083244ADB04AF7AC18136AFFF1AF45358F45C47ED985626D2D27C8550CB52

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  control_flow_graph 627 401290-4012a3 __set_app_type call 401150 629 4012a8-4012a9 627->629
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __set_app_type.MSVCRT ref: 0040129D
                                                                                                                                                                                                    • Part of subcall function 00401150: SetUnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?,?,004012A8), ref: 00401161
                                                                                                                                                                                                    • Part of subcall function 00401150: __getmainargs.MSVCRT ref: 0040119A
                                                                                                                                                                                                    • Part of subcall function 00401150: _setmode.MSVCRT ref: 004011D5
                                                                                                                                                                                                    • Part of subcall function 00401150: _setmode.MSVCRT ref: 004011FB
                                                                                                                                                                                                    • Part of subcall function 00401150: __p__fmode.MSVCRT ref: 00401200
                                                                                                                                                                                                    • Part of subcall function 00401150: __p__environ.MSVCRT ref: 00401215
                                                                                                                                                                                                    • Part of subcall function 00401150: _cexit.MSVCRT ref: 00401239
                                                                                                                                                                                                    • Part of subcall function 00401150: ExitProcess.KERNEL32 ref: 00401241
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2049677463.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049652941.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049708533.0000000000409000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049729404.000000000040A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049729404.0000000000412000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049788256.0000000000414000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_run-file.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _setmode$ExceptionExitFilterProcessUnhandled__getmainargs__p__environ__p__fmode__set_app_type_cexit
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 250851222-0
                                                                                                                                                                                                  • Opcode ID: f8f8779216d611a18a63dbf5b8c311eb09e190107aa71f1f2c959bcc01329ce4
                                                                                                                                                                                                  • Instruction ID: f3566ed841fe2c78bbec3e3585cf37c7a6b3b3915cdcc1304e07bfa49eda4ab5
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f8f8779216d611a18a63dbf5b8c311eb09e190107aa71f1f2c959bcc01329ce4
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F3C09B3041421497C3003FB5DC0E359BBA87B05305F41443CD5C967261D67839054796
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,004013DA), ref: 00401ED7
                                                                                                                                                                                                  • puts.MSVCRT ref: 00401F11
                                                                                                                                                                                                  • ShellExecuteA.SHELL32 ref: 00401F5A
                                                                                                                                                                                                  • printf.MSVCRT ref: 00401F89
                                                                                                                                                                                                  • fclose.MSVCRT ref: 00401F93
                                                                                                                                                                                                  • MessageBoxA.USER32 ref: 00401FBF
                                                                                                                                                                                                  • FormatMessageA.KERNEL32(?,?,?,?,?,?,?,?,004013DA), ref: 00401FFD
                                                                                                                                                                                                  • strlen.MSVCRT ref: 0040201F
                                                                                                                                                                                                  • strcat.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004013DA), ref: 00402040
                                                                                                                                                                                                  • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004013DA), ref: 0040204B
                                                                                                                                                                                                  • fprintf.MSVCRT ref: 0040206D
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2049677463.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049652941.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049708533.0000000000409000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049729404.000000000040A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049729404.0000000000412000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049788256.0000000000414000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_run-file.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Message$ErrorExecuteFormatFreeLastLocalShellfclosefprintfprintfputsstrcatstrlen
                                                                                                                                                                                                  • String ID: An error occurred while starting the application.$Error msg:%s$Error:%s$Open URL:%s$open
                                                                                                                                                                                                  • API String ID: 1449747937-1100426463
                                                                                                                                                                                                  • Opcode ID: 1d01a69e9d7fb2250e9da01269d9a9a695086d462b34391a24b83a14a180ea29
                                                                                                                                                                                                  • Instruction ID: 2d12064388d49b1e09197d997951df6f1fa04ecba0d9f77cc5412a013d33004a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1d01a69e9d7fb2250e9da01269d9a9a695086d462b34391a24b83a14a180ea29
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5041F1B0B083019BD704EF29D68525FBAE1BB84344F11C83FE589A7391D77C89559B8B
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2049677463.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049652941.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049708533.0000000000409000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049729404.000000000040A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049729404.0000000000412000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049788256.0000000000414000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_run-file.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Resource$FindLoadLockstrlen$strcat$ErrorLastfprintf
                                                                                                                                                                                                  • String ID: - $-bit$1.8.0$1.8.0$An error occurred while starting the application.$Resource %d:%s
                                                                                                                                                                                                  • API String ID: 484976878-253376002
                                                                                                                                                                                                  • Opcode ID: b992894269d4df67585a336ef44875f4a4d0f1fa0297b5c6ea2c178211651a31
                                                                                                                                                                                                  • Instruction ID: 34e31f97e9555f3506bafa7709ed99a0cf1f3aa383949e3ef6a0ea41d6191ac0
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b992894269d4df67585a336ef44875f4a4d0f1fa0297b5c6ea2c178211651a31
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 50B170B07183018BD704EF3AD64035ABAE1BB84344F05C93ED989E7391D77DC9658B9A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2049677463.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049652941.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049708533.0000000000409000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049729404.000000000040A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049729404.0000000000412000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049788256.0000000000414000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_run-file.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: strcpy$memsetstrcmpstrlen$fprintfstrcat$EnumOpenstrchrstrncpy
                                                                                                                                                                                                  • String ID: %s-bit search:%s...$1.8.0$Check:%s$Ignore:%s$Match:%s
                                                                                                                                                                                                  • API String ID: 972160396-125968938
                                                                                                                                                                                                  • Opcode ID: c86c034fc67a71293e03635b1d03b0b522562ab163ebdae5596db442e3a19ad0
                                                                                                                                                                                                  • Instruction ID: 9a2c2f7deab8620c59848cd1e9c546dad7476eac0264ac07e1180a0b30e31d97
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c86c034fc67a71293e03635b1d03b0b522562ab163ebdae5596db442e3a19ad0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 25A12AB49087149BC711EF25C98429EFBF5AF84704F0188BFE489A7391D7789A858F86
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2049677463.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049652941.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049708533.0000000000409000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049729404.000000000040A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049729404.0000000000412000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049788256.0000000000414000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_run-file.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: strcat$strncat$memsetstrchr$CurrentDirectoryEnvironmentVariablestrlenstrstr
                                                                                                                                                                                                  • String ID: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre$C:\Windows\system32$EXEDIR$EXEFILE$HKEY$JREHOMEDIR$OLDPWD$PWD$Substitute:%s = %s
                                                                                                                                                                                                  • API String ID: 3324974479-2056100928
                                                                                                                                                                                                  • Opcode ID: 6614e760f1d2ee19f4b253176852c44bfd1491407e5a90ce63a812219ddd9ebb
                                                                                                                                                                                                  • Instruction ID: ed202c75566bdcf25b9861d036979bf7c043f81e68319857b6959b64db836d4b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6614e760f1d2ee19f4b253176852c44bfd1491407e5a90ce63a812219ddd9ebb
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 80711C759043159BCB54DF25C88025ABBE5FF84314F41C8BEE98DA7381DB389E85CB8A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • Heap limit:Reduced %d MB heap size to 32-bit maximum %d MB, xrefs: 004036B0
                                                                                                                                                                                                  • Resource %d:%s, xrefs: 004034A3, 00403563
                                                                                                                                                                                                  • Heap %s:Requested %d MB / %d%%, Available: %d MB, Heap size: %d MB, xrefs: 00403688
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2049677463.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000008.00000002.2049652941.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049708533.0000000000409000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049729404.000000000040A000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049729404.0000000000412000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049788256.0000000000414000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Resource$FindLoadLockatoifprintfstrlen$ErrorLast_itoastrcat
                                                                                                                                                                                                  • String ID: Heap %s:Requested %d MB / %d%%, Available: %d MB, Heap size: %d MB$Heap limit:Reduced %d MB heap size to 32-bit maximum %d MB$Resource %d:%s
                                                                                                                                                                                                  • API String ID: 1284713559-335395982
                                                                                                                                                                                                  • Opcode ID: 49b52521ad4b28281b4610723bdc3fecec1105f7fc221ab9df715c009cf8496d
                                                                                                                                                                                                  • Instruction ID: 556c7044ae09a008ffae0a8d9fc69ada731a51744f4509117c473fc4c8ef08ad
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 49b52521ad4b28281b4610723bdc3fecec1105f7fc221ab9df715c009cf8496d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CC916FB19083159BDB14EF69C58025FBBF5BF88304F05883EE889AB391D738D915CB86
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2049677463.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: strstr$fprintfmemset$EnvironmentVariablefopenstrlenstrncpy
                                                                                                                                                                                                  • String ID: Version:%s$--l4j-debug$--l4j-debug-all$3.9$CmdLine:%s %s$debug$debug-all$j.lo$nch4
                                                                                                                                                                                                  • API String ID: 1991431792-3923029096
                                                                                                                                                                                                  • Opcode ID: a285fad08061a693a5248468f59be63a75b3341ece323a7797179705ea493636
                                                                                                                                                                                                  • Instruction ID: 60ffc86f505bfdbbbba3efb310094abc59b8358325a5033e9b193ab27e218064
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a285fad08061a693a5248468f59be63a75b3341ece323a7797179705ea493636
                                                                                                                                                                                                  • Instruction Fuzzy Hash: AA411DB49083059BC710AF6AC58056EFBE5EF84754F01C83FE989AB391D738D851DB8A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\asm-all.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;lib\, xrefs: 00405C13, 00405C2F, 00405CAE, 00405CCA
                                                                                                                                                                                                  • --l4j-, xrefs: 00405C50, 00405C8E
                                                                                                                                                                                                  • Resource %d:%s, xrefs: 00405D11
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2049677463.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Resource$strcatstrlenstrstr$ErrorFindLastLoadLockmemsetstrchrstrcpy
                                                                                                                                                                                                  • String ID: --l4j-$-Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\asm-all.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;lib\$Resource %d:%s
                                                                                                                                                                                                  • API String ID: 782867121-2842270848
                                                                                                                                                                                                  • Opcode ID: ac6294b31dbabfa38df6261dad10e70e22e75e7ae9a4ecf5308ff82ecc24c60d
                                                                                                                                                                                                  • Instruction ID: d40fd4806269129820aebf3143e2994a5f350a870bc7b93ef3ae692e42a163e9
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ac6294b31dbabfa38df6261dad10e70e22e75e7ae9a4ecf5308ff82ecc24c60d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E6414DB0908B019AE714AF29C54432BBAE5EF45704F01C87FE589A73C2D73D88958F9B
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2049677463.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: strstr$Open$CloseQueryValuestrchrstrrchr
                                                                                                                                                                                                  • String ID: HKEY$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS
                                                                                                                                                                                                  • API String ID: 356245303-4236897492
                                                                                                                                                                                                  • Opcode ID: a1b4684ee25663612e490b4be978381a64ee457d4bbee82a063a929b877f78fc
                                                                                                                                                                                                  • Instruction ID: 2ae7df6790b6f1853f37995f78c893f74154cd1711da3b843cecc37fcb260c67
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a1b4684ee25663612e490b4be978381a64ee457d4bbee82a063a929b877f78fc
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2B414FB5D087069BDB00EF69C98425EFBE1BF84314F05883FE988A7381D77899448B96
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2049677463.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Resource$fprintfmemset$CurrentDirectoryErrorFindLastLoadLock_chdirstrcatstrlenstrncpy
                                                                                                                                                                                                  • String ID: C:\Windows\system32$Resource %d:%s$Working dir:%s
                                                                                                                                                                                                  • API String ID: 422477114-3401223222
                                                                                                                                                                                                  • Opcode ID: 9c9ccb99f420a877555200c07f2862f7891259c708e168cf86730445fea71b0e
                                                                                                                                                                                                  • Instruction ID: 349f221890d6d40fe71c0e96cafd37487ebf52b12bf3dfd57c186abffd885e97
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9c9ccb99f420a877555200c07f2862f7891259c708e168cf86730445fea71b0e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B1416BB19087119BE700AF29D58135EBFE4EF84344F01883EE989A7381D7389994CB8A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • Runtime used:%s (%s-bit), xrefs: 004041DF
                                                                                                                                                                                                  • 1.8.0, xrefs: 00404051
                                                                                                                                                                                                  • C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre, xrefs: 004041AC
                                                                                                                                                                                                  • Resource %d:%s, xrefs: 0040428D
                                                                                                                                                                                                  • C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe, xrefs: 004041A5
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2049677463.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Resource$FindLoadLockatoifprintfstrcpy
                                                                                                                                                                                                  • String ID: 1.8.0$C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre$C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe$Resource %d:%s$Runtime used:%s (%s-bit)
                                                                                                                                                                                                  • API String ID: 1856142485-1723830609
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • memset.MSVCRT ref: 00405211
                                                                                                                                                                                                  • memset.MSVCRT ref: 00405228
                                                                                                                                                                                                  • FindResourceExA.KERNEL32(?,00000000,?), ref: 00405250
                                                                                                                                                                                                  • LoadResource.KERNEL32(?,?,?,00406514), ref: 0040526D
                                                                                                                                                                                                  • LockResource.KERNEL32(?,?,?,?,?,00406514), ref: 0040527C
                                                                                                                                                                                                  • fprintf.MSVCRT ref: 004052C8
                                                                                                                                                                                                  • SetEnvironmentVariableA.KERNEL32 ref: 004052EC
                                                                                                                                                                                                  • strtok.MSVCRT(?,?,?,?,00406514), ref: 004052FF
                                                                                                                                                                                                  • strchr.MSVCRT ref: 00405316
                                                                                                                                                                                                  • fprintf.MSVCRT ref: 0040535A
                                                                                                                                                                                                  • SetLastError.KERNEL32(?,?,?,00406514), ref: 00405373
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Resource$fprintfmemset$EnvironmentErrorFindLastLoadLockVariablestrchrstrtok
                                                                                                                                                                                                  • String ID: Resource %d:%s$Set var:%s = %s
                                                                                                                                                                                                  • API String ID: 301265589-2172967655
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • appendToPathVar failed., xrefs: 00405186
                                                                                                                                                                                                  • Error:%s, xrefs: 0040518B
                                                                                                                                                                                                  • C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe, xrefs: 004050F1
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: strlen$EnvironmentVariablememset$fprintfstrcatstrcpy
                                                                                                                                                                                                  • String ID: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe$Error:%s$appendToPathVar failed.
                                                                                                                                                                                                  • API String ID: 495583820-4245245166
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Resource$ErrorLastfprintf$CreateFindLoadLockMutexmemset
                                                                                                                                                                                                  • String ID: Error:%s$Instance already exists.$Resource %d:%s
                                                                                                                                                                                                  • API String ID: 1676011544-3441027790
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memset$CloseOpenQueryValuestrcatstrcpystrlen
                                                                                                                                                                                                  • String ID: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre$JavaHome$jre
                                                                                                                                                                                                  • API String ID: 2991842512-1795315796
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • Runtime used:%s (%s-bit), xrefs: 004041DF
                                                                                                                                                                                                  • C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre, xrefs: 004041AC
                                                                                                                                                                                                  • C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe, xrefs: 004041A5
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Resource$fprintf$ErrorFindLastLoadLockatoistrcpy
                                                                                                                                                                                                  • String ID: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre$C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre\bin\javaw.exe$Runtime used:%s (%s-bit)
                                                                                                                                                                                                  • API String ID: 440416407-1353843407
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2049677463.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049652941.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049708533.0000000000409000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049729404.000000000040A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049729404.0000000000412000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049788256.0000000000414000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CloseQueryValuememsetstrcatstrcpystrlen
                                                                                                                                                                                                  • String ID: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre$JavaHome$jre
                                                                                                                                                                                                  • API String ID: 2049115317-1795315796
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Resource$FindLoadLockatoifprintf
                                                                                                                                                                                                  • String ID: Resource %d:%s$`O@
                                                                                                                                                                                                  • API String ID: 2193512306-2494596910
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Resource$atoi$ErrorFindLastLoadLockfprintf
                                                                                                                                                                                                  • String ID: Resource %d:%s
                                                                                                                                                                                                  • API String ID: 1405122715-3770364717
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Resource$ErrorFindLastLoadLockfprintf
                                                                                                                                                                                                  • String ID: Resource %d:%s$true
                                                                                                                                                                                                  • API String ID: 2300709556-1650570159
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressCurrentHandleModuleProcProcessfprintf
                                                                                                                                                                                                  • String ID: IsWow64Process$WOW64:%s$yes
                                                                                                                                                                                                  • API String ID: 24026888-2072328098
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressCurrentHandleModuleProcProcessfprintf
                                                                                                                                                                                                  • String ID: IsWow64Process$WOW64:%s$yes
                                                                                                                                                                                                  • API String ID: 24026888-2072328098
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\asm-all.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;lib\, xrefs: 00405CAE, 00405CCA
                                                                                                                                                                                                  • --l4j-, xrefs: 00405C50, 00405C8E
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2049677463.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000008.00000002.2049652941.0000000000400000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049708533.0000000000409000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049729404.000000000040A000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049729404.0000000000412000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000008.00000002.2049788256.0000000000414000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_run-file.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: strstr$ErrorLaststrcatstrchrstrcpystrlen
                                                                                                                                                                                                  • String ID: --l4j-$-Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\asm-all.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\gson.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-json-ext.jar;lib\jphp-runtime.jar;lib\
                                                                                                                                                                                                  • API String ID: 1304447673-2724723538
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: KillMessagePostQuitTimer$CodeEnumExitProcessShowWindowWindows
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1905518172-0
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Resource$ErrorFindLastLoadLockfprintf
                                                                                                                                                                                                  • String ID: Resource %d:%s
                                                                                                                                                                                                  • API String ID: 2300709556-3770364717
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • Heap %s:Requested %d MB / %d%%, Available: %d MB, Heap size: %d MB, xrefs: 00403688
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: strlen$_itoafprintfstrcat
                                                                                                                                                                                                  • String ID: Heap %s:Requested %d MB / %d%%, Available: %d MB, Heap size: %d MB
                                                                                                                                                                                                  • API String ID: 309510014-1709647519
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: fopenmemsetstrlenstrncpy
                                                                                                                                                                                                  • String ID: j.lo$nch4
                                                                                                                                                                                                  • API String ID: 80595551-1605737849
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: signal
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1946981877-0
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: EnvironmentVariablestrlen$memsetstrcat
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2108680700-0
                                                                                                                                                                                                  • Opcode ID: d95cb74e045f58805c42f9113675087c7de655c0657359ccab51889906dee4cd
                                                                                                                                                                                                  • Instruction ID: 19ba68cff2aee44dae23cc5b56ef49d50704ee26ecf9892f5ebb6658b324295f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d95cb74e045f58805c42f9113675087c7de655c0657359ccab51889906dee4cd
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9D1119B5D087149BCB00EF69C54105DFBF1EF88314F1284BEE888A7355DA385A518BC6
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2049677463.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049652941.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049708533.0000000000409000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049729404.000000000040A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049729404.0000000000412000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049788256.0000000000414000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_run-file.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: strcatstrlen
                                                                                                                                                                                                  • String ID: bin\java.exe$bin\javaw.exe
                                                                                                                                                                                                  • API String ID: 1179760717-2770878578
                                                                                                                                                                                                  • Opcode ID: b65ea48d9e9f20d7926c5458ddd7f93f7f40326ce165c218aab041ff87f19a90
                                                                                                                                                                                                  • Instruction ID: 7687c5f18350c46cbce8d6c5260ce5ab4989a23d013a9ddc911cfd2f41cc631c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b65ea48d9e9f20d7926c5458ddd7f93f7f40326ce165c218aab041ff87f19a90
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 01F062B4D183049EE710AF39D9C9A1ABBD4AF00308F46487EE4895F3D3D77A8450879A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • SetEnvironmentVariableA.KERNEL32 ref: 004052EC
                                                                                                                                                                                                  • strtok.MSVCRT(?,?,?,?,00406514), ref: 004052FF
                                                                                                                                                                                                  • strchr.MSVCRT ref: 00405316
                                                                                                                                                                                                    • Part of subcall function 00403100: memset.MSVCRT ref: 00403136
                                                                                                                                                                                                    • Part of subcall function 00403100: memset.MSVCRT ref: 00403151
                                                                                                                                                                                                    • Part of subcall function 00403100: strchr.MSVCRT ref: 0040316C
                                                                                                                                                                                                    • Part of subcall function 00403100: strchr.MSVCRT ref: 0040318A
                                                                                                                                                                                                    • Part of subcall function 00403100: strncat.MSVCRT ref: 004031AF
                                                                                                                                                                                                    • Part of subcall function 00403100: strncat.MSVCRT ref: 004031D5
                                                                                                                                                                                                    • Part of subcall function 00403100: strlen.MSVCRT ref: 004031EB
                                                                                                                                                                                                    • Part of subcall function 00403100: strstr.MSVCRT ref: 0040327E
                                                                                                                                                                                                  • fprintf.MSVCRT ref: 0040535A
                                                                                                                                                                                                  • SetLastError.KERNEL32(?,?,?,00406514), ref: 00405373
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2049677463.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049652941.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049708533.0000000000409000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049729404.000000000040A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049729404.0000000000412000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049788256.0000000000414000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_run-file.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: strchr$memsetstrncat$EnvironmentErrorLastVariablefprintfstrlenstrstrstrtok
                                                                                                                                                                                                  • String ID: Set var:%s = %s
                                                                                                                                                                                                  • API String ID: 3263537496-1184643595
                                                                                                                                                                                                  • Opcode ID: ee98d8c8936dcdd218bc3ae6b4bee14f3b7f662cf54e9fc7437ca12448ec09f5
                                                                                                                                                                                                  • Instruction ID: b35ccef8a7e5673246ed472a237be416f5c44ba05b5604b2d57a73e62d97e0d5
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ee98d8c8936dcdd218bc3ae6b4bee14f3b7f662cf54e9fc7437ca12448ec09f5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: FA01DAB05087109EC701AF2AC58031EBFE4AF88744F41C87FE4C8AB381D77889519F9A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • FormatMessageA.KERNEL32(?,?,?,?,?,?,?,?,004013DA), ref: 00401FFD
                                                                                                                                                                                                  • strlen.MSVCRT ref: 0040201F
                                                                                                                                                                                                  • strcat.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004013DA), ref: 00402040
                                                                                                                                                                                                  • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004013DA), ref: 0040204B
                                                                                                                                                                                                  • fprintf.MSVCRT ref: 004020A9
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2049677463.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049652941.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049708533.0000000000409000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049729404.000000000040A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049729404.0000000000412000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049788256.0000000000414000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_run-file.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FormatFreeLocalMessagefprintfstrcatstrlen
                                                                                                                                                                                                  • String ID: An error occurred while starting the application.
                                                                                                                                                                                                  • API String ID: 863393273-2110520379
                                                                                                                                                                                                  • Opcode ID: 9e24085052815f66a929547d79b0b0ecebc814cf3094997c733abd0dc5bb07b1
                                                                                                                                                                                                  • Instruction ID: 48929c70c90143ab4f29c9b601d13be01fb97ec1997cc056402bd9998a5ef999
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9e24085052815f66a929547d79b0b0ecebc814cf3094997c733abd0dc5bb07b1
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 730116B0A083018BC300EF69C28025BBBF1BB84314F01886EE8C9A7245D77896548B8A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • memset.MSVCRT ref: 004012F4
                                                                                                                                                                                                    • Part of subcall function 004020C0: FindResourceExA.KERNEL32(?,?,?,00401888), ref: 004020EF
                                                                                                                                                                                                    • Part of subcall function 004020C0: LoadResource.KERNEL32 ref: 00402108
                                                                                                                                                                                                    • Part of subcall function 004020C0: LockResource.KERNEL32 ref: 00402117
                                                                                                                                                                                                  • FindWindowExA.USER32 ref: 0040132A
                                                                                                                                                                                                  • GetWindowTextA.USER32 ref: 00401350
                                                                                                                                                                                                  • strstr.MSVCRT ref: 0040135F
                                                                                                                                                                                                  • FindWindowExA.USER32 ref: 0040137F
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2049677463.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049652941.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049708533.0000000000409000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049729404.000000000040A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049729404.0000000000412000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049788256.0000000000414000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_run-file.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FindResourceWindow$LoadLockTextmemsetstrstr
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1871962372-0
                                                                                                                                                                                                  • Opcode ID: 1298e7c1909e02cac85a35fd553868d9f91c7302c22f4e1a6b2c68c72ce7dee5
                                                                                                                                                                                                  • Instruction ID: 5d52d5c0b459d14cb6f1974f7d56ade6fd7020e608e51b2663064d8790cfeea0
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1298e7c1909e02cac85a35fd553868d9f91c7302c22f4e1a6b2c68c72ce7dee5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 282160B2A083019BE714AF6AD54129FFBE4EF84354F01C83FE98CD3691E67885548B86
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • Runtime used:%s (%s-bit), xrefs: 00402FC4
                                                                                                                                                                                                  • C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre, xrefs: 00402F90
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2049677463.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049652941.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049708533.0000000000409000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049729404.000000000040A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049729404.0000000000412000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049788256.0000000000414000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_run-file.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: fprintfstrcpy
                                                                                                                                                                                                  • String ID: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre$Runtime used:%s (%s-bit)
                                                                                                                                                                                                  • API String ID: 1458319006-2565123076
                                                                                                                                                                                                  • Opcode ID: 5561c27fd72a1e767c22225ba6b48e1c42a17190cfea799da6d8e7f1897e806e
                                                                                                                                                                                                  • Instruction ID: e570360796af71997f007bbec0ddf7bd71377d3d7eeb5d391251dbc393d587ea
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5561c27fd72a1e767c22225ba6b48e1c42a17190cfea799da6d8e7f1897e806e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CA3139719093019BD715AF24864839FB6A1EB80748F01C87FE8887B3C6D7BD9C419B8A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • Runtime used:%s (%s-bit), xrefs: 00402FC4
                                                                                                                                                                                                  • C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre, xrefs: 00402F90
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2049677463.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049652941.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049708533.0000000000409000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049729404.000000000040A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049729404.0000000000412000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049788256.0000000000414000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_run-file.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: fprintfstrcpy
                                                                                                                                                                                                  • String ID: C:\Program Files (x86)\ConsolHQ LTD\SkimarUtils\jre$Runtime used:%s (%s-bit)
                                                                                                                                                                                                  • API String ID: 1458319006-2565123076
                                                                                                                                                                                                  • Opcode ID: e34a0cca9953dcd10a531016e5b932c1cff74b83191ca0bd0e7937265830d13f
                                                                                                                                                                                                  • Instruction ID: 2e410cda6b073cc25c187766190d21a1da9afde98849d5476af63c368e3af956
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e34a0cca9953dcd10a531016e5b932c1cff74b83191ca0bd0e7937265830d13f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 602181719043059BD7149F15C64439BB7A5EB80348F01C87EE8887B3C6C7BD9C519B89
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GlobalMemoryStatusEx.KERNEL32 ref: 00403717
                                                                                                                                                                                                    • Part of subcall function 004033F0: FindResourceExA.KERNEL32 ref: 00403440
                                                                                                                                                                                                    • Part of subcall function 004033F0: LoadResource.KERNEL32 ref: 0040345C
                                                                                                                                                                                                    • Part of subcall function 004033F0: LockResource.KERNEL32 ref: 0040346B
                                                                                                                                                                                                    • Part of subcall function 004033F0: fprintf.MSVCRT ref: 004034B3
                                                                                                                                                                                                    • Part of subcall function 004033F0: atoi.MSVCRT ref: 004034C3
                                                                                                                                                                                                    • Part of subcall function 004033F0: FindResourceExA.KERNEL32 ref: 004034FE
                                                                                                                                                                                                    • Part of subcall function 004033F0: LoadResource.KERNEL32 ref: 0040351B
                                                                                                                                                                                                    • Part of subcall function 004033F0: LockResource.KERNEL32 ref: 0040352A
                                                                                                                                                                                                    • Part of subcall function 004033F0: fprintf.MSVCRT ref: 00403573
                                                                                                                                                                                                    • Part of subcall function 004033F0: atoi.MSVCRT ref: 00403583
                                                                                                                                                                                                    • Part of subcall function 004033F0: strcat.MSVCRT(?), ref: 0040361A
                                                                                                                                                                                                    • Part of subcall function 004033F0: strlen.MSVCRT ref: 00403622
                                                                                                                                                                                                    • Part of subcall function 004033F0: _itoa.MSVCRT ref: 00403639
                                                                                                                                                                                                    • Part of subcall function 004033F0: strlen.MSVCRT ref: 00403641
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2049677463.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049652941.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049708533.0000000000409000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049729404.000000000040A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049729404.0000000000412000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049788256.0000000000414000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_run-file.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Resource$FindLoadLockatoifprintfstrlen$GlobalMemoryStatus_itoastrcat
                                                                                                                                                                                                  • String ID: -Xms$-Xmx$@
                                                                                                                                                                                                  • API String ID: 2157757142-2676391021
                                                                                                                                                                                                  • Opcode ID: dff8b46c210c447c65d657b453adb865e188cc97235aba00eb8c1e73047c40b0
                                                                                                                                                                                                  • Instruction ID: 0838842f76f9e4a7ac68c74f3cf3971a36c87926e8153908363a189b489a0147
                                                                                                                                                                                                  • Opcode Fuzzy Hash: dff8b46c210c447c65d657b453adb865e188cc97235aba00eb8c1e73047c40b0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1D01D7B09097099FC704DF69E18154EBBF1EF88304F10883EF489A7385D738D9449B46
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2049677463.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049652941.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049708533.0000000000409000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049729404.000000000040A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049729404.0000000000412000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049788256.0000000000414000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_run-file.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CodeEnumExitKillMessagePostProcessQuitTimerWindows
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 405088690-0
                                                                                                                                                                                                  • Opcode ID: 9d36f53bfc2b48dcf375a5f439baa85ef358b269035d827499970f5c7433ee0c
                                                                                                                                                                                                  • Instruction ID: 4530f2aae7447fe0df29e6f37fc7dc1219e95ab942fdeb78a325eac38ac8bd41
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9d36f53bfc2b48dcf375a5f439baa85ef358b269035d827499970f5c7433ee0c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 87F05EB59093008BC300BF34DA052197AE0AB40348F018A3FE8C5A33D1D77C9558EB9B
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2049677463.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049652941.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049708533.0000000000409000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049729404.000000000040A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049729404.0000000000412000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049788256.0000000000414000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_run-file.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: HandleModule
                                                                                                                                                                                                  • String ID: Laun$ch4j
                                                                                                                                                                                                  • API String ID: 4139908857-52159806
                                                                                                                                                                                                  • Opcode ID: ba5704b0daeddb5bd746fd9b5eed543a5f99ab6f6a48090e1268a62a4232c58d
                                                                                                                                                                                                  • Instruction ID: 3efb9f204aa9b6cf598ae448a7fd9fa3256bf58a8a3bede9923b47c04f3ea8c0
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ba5704b0daeddb5bd746fd9b5eed543a5f99ab6f6a48090e1268a62a4232c58d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 30F01CB0A042058BD708EF3EEE053963AE2A784300F04C27ED409CB3B5EBB484618B8D
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000008.00000002.2049677463.0000000000401000.00000020.00000001.01000000.00000009.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049652941.0000000000400000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049708533.0000000000409000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049729404.000000000040A000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049729404.0000000000412000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  • Associated: 00000008.00000002.2049788256.0000000000414000.00000008.00000001.01000000.00000009.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_run-file.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: strlen$strchrstrncpy
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 4793283-0
                                                                                                                                                                                                  • Opcode ID: c717c3167b26713e1d36be612c62a11c9a96452fabd6d96aff045e23f77e9a9b
                                                                                                                                                                                                  • Instruction ID: 1041cfa0432d9ad742072a7b848d71ebc1d8de872eff087a6a568f2cbe167894
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c717c3167b26713e1d36be612c62a11c9a96452fabd6d96aff045e23f77e9a9b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0E11D3B8D04728ABCB009F55C5841AEFBB1EF48310F1684AAE8547B381C779AA41CBC6

                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                  Execution Coverage:1.2%
                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                  Signature Coverage:6.3%
                                                                                                                                                                                                  Total number of Nodes:1389
                                                                                                                                                                                                  Total number of Limit Nodes:153
75576->75578 75580 7a5db0 75576->75580 75577 7a5d6c 75577->75554 75578->75576 75578->75580 75582 79d2f5 DecodePointer 75578->75582 75580->75554 75581->75577 75582->75578 75583->75560 75585 79cec1 75584->75585 75586 79ced4 EnterCriticalSection 75584->75586 75609 79cdea 66 API calls 9 library calls 75585->75609 75586->75562 75588 79cec7 75588->75586 75610 798a54 66 API calls 3 library calls 75588->75610 75611 79cdd3 LeaveCriticalSection 75591->75611 75593 79d441 75593->75565 75595 7a4f47 75594->75595 75596 7a4f44 InterlockedIncrement 75594->75596 75597 7a4f51 InterlockedIncrement 75595->75597 75598 7a4f54 75595->75598 75596->75595 75597->75598 75599 7a4f5e InterlockedIncrement 75598->75599 75600 7a4f61 75598->75600 75599->75600 75601 7a4f6b InterlockedIncrement 75600->75601 75603 7a4f6e 75600->75603 75601->75603 75602 7a4f87 InterlockedIncrement 75602->75603 75603->75602 75604 7a4f97 InterlockedIncrement 75603->75604 75605 7a4fa2 InterlockedIncrement 75603->75605 75604->75603 75605->75568 75612 79cdd3 LeaveCriticalSection 75606->75612 75608 79d48f 75608->75570 75609->75588 75611->75593 75612->75608 75614 79fe01 75613->75614 75616 79f476 75614->75616 75617 79fe18 Sleep 75614->75617 75620 79a029 75614->75620 75616->75472 75616->75477 75618 79fe2d 75617->75618 75618->75614 75618->75616 75619->75481 75621 79a0a6 75620->75621 75629 79a037 75620->75629 75645 79d2f5 DecodePointer 75621->75645 75623 79a0ac 75646 79ab01 66 API calls __getptd_noexit 75623->75646 75626 79a065 RtlAllocateHeap 75626->75629 75636 79a09e 75626->75636 75628 79a092 75643 79ab01 66 API calls __getptd_noexit 75628->75643 75629->75626 75629->75628 75633 79a090 75629->75633 75634 79a042 75629->75634 75642 79d2f5 DecodePointer 75629->75642 75644 79ab01 66 API calls __getptd_noexit 75633->75644 75634->75629 75637 79df04 66 API calls __NMSG_WRITE 75634->75637 75638 79dd55 66 API calls 6 library calls 75634->75638 75639 7987b2 75634->75639 75636->75614 75637->75634 75638->75634 75647 798787 GetModuleHandleW 
75639->75647 75642->75629 75643->75633 75644->75636 75645->75623 75646->75636 75648 79879b GetProcAddress 75647->75648 75649 7987b0 ExitProcess 75647->75649 75648->75649 75650 7987ab 75648->75650 75650->75649 75653 79f1e9 75651->75653 75655 79f256 75653->75655 75658 7a5e24 76 API calls x_ismbbtype_l 75653->75658 75654 79f354 75654->75488 75654->75490 75655->75654 75656 7a5e24 76 API calls __wincmdln 75655->75656 75656->75655 75657->75484 75658->75653 75659->75497 75660->75502 75661->75500 75662->75500 75663->75509 75664->75509 75666 79d9c8 EncodePointer 75665->75666 75666->75666 75667 79d9e2 75666->75667 75667->75516 75668->75518 75669->75523 75670->75523 75672 798bc2 __tzset_nolock _strnlen 75671->75672 75673 798bce 75672->75673 75676 798bfa 75672->75676 75746 79ab01 66 API calls __getptd_noexit 75673->75746 75675 798bd3 75747 79d2d6 11 API calls __close 75675->75747 75678 79ceac __lock 66 API calls 75676->75678 75679 798c01 75678->75679 75748 798b2f 99 API calls 3 library calls 75679->75748 75681 798c0e 75749 798c27 LeaveCriticalSection _doexit 75681->75749 75682 798bde __tzset_nolock 75682->75528 75750 79394b 75684->75750 75688 7938ab 75689 79394b 97 API calls 75688->75689 75690 7938f1 75688->75690 75757 793668 75688->75757 75761 793925 75688->75761 75689->75688 75690->75532 75692 79a029 _malloc 66 API calls 75691->75692 75693 79390d 75692->75693 75694 793924 75693->75694 75808 799f9b 97 API calls 7 library calls 75693->75808 75694->75536 75696 79391c 75697 798a0a 66 API calls 75696->75697 75697->75694 75809 79443d 75698->75809 75702 793458 75703 79349f 75702->75703 75946 798a72 104 API calls 8 library calls 75702->75946 75836 79256f 75703->75836 75706 79346c 75708 793494 75706->75708 75947 798a72 104 API calls 8 library calls 75706->75947 75948 79129b 75708->75948 75714 7934f7 75715 79350d 75714->75715 75962 793ad9 75714->75962 75897 794dc6 75715->75897 75718 793529 75938 7996e8 75718->75938 75719 793523 75719->75718 75722 793ad9 2 API calls 75719->75722 75723 
79353f 75719->75723 75721 7910d9 75721->75425 75721->75539 75722->75723 75908 793971 75723->75908 75726 793574 75967 792e45 135 API calls __tzset_nolock 75726->75967 75727 7935a7 75728 798bb6 __wgetenv 99 API calls 75727->75728 75730 7935b1 75728->75730 75969 7913bf 132 API calls 2 library calls 75730->75969 75731 79358a 75968 7917a2 136 API calls 5 library calls 75731->75968 75734 793598 75734->75718 75912 79296b 75734->75912 75737 7935f6 75924 79192a 75737->75924 75742 79360c 75933 79447e 75742->75933 75744->75533 75745->75533 75746->75675 75747->75682 75748->75681 75749->75682 75768 7a624d 75750->75768 75753 79396b 75753->75688 75755 793963 75756 798a0a 66 API calls 75755->75756 75756->75753 75758 79368b CharNextExA 75757->75758 75759 793729 75758->75759 75760 7936a4 75758->75760 75759->75688 75760->75758 75760->75759 75780 79a0bd 75761->75780 75763 793932 75764 79394a 75763->75764 75801 799f9b 97 API calls 7 library calls 75763->75801 75764->75688 75766 793942 75767 798a0a 66 API calls 75766->75767 75767->75764 75769 793954 75768->75769 75770 7a625e _strlen 75768->75770 75769->75753 75777 799f9b 97 API calls 7 library calls 75769->75777 75771 79a029 _malloc 66 API calls 75770->75771 75772 7a6271 75771->75772 75772->75769 75778 79ee39 66 API calls 2 library calls 75772->75778 75774 7a6283 75774->75769 75775 7a628e 75774->75775 75779 79d284 10 API calls __call_reportfault 75775->75779 75777->75755 75778->75774 75779->75769 75781 79a0c8 75780->75781 75782 79a0d3 75780->75782 75783 79a029 _malloc 66 API calls 75781->75783 75784 79a0db 75782->75784 75789 79a0e8 75782->75789 75786 79a0d0 75783->75786 75802 798dd0 66 API calls 2 library calls 75784->75802 75786->75763 75787 79a0e3 __dosmaperr 75787->75763 75788 79a120 75804 79d2f5 DecodePointer 75788->75804 75789->75788 75790 79a0f0 HeapReAlloc 75789->75790 75793 79a150 75789->75793 75798 79a138 75789->75798 75803 79d2f5 DecodePointer 75789->75803 75790->75787 75790->75789 75792 79a126 75805 79ab01 66 API calls 
__getptd_noexit 75792->75805 75807 79ab01 66 API calls __getptd_noexit 75793->75807 75797 79a155 GetLastError 75797->75787 75806 79ab01 66 API calls __getptd_noexit 75798->75806 75800 79a13d GetLastError 75800->75787 75801->75766 75802->75787 75803->75789 75804->75792 75805->75787 75806->75800 75807->75797 75808->75696 75971 799570 75809->75971 75814 791ee0 75815 791ee5 75814->75815 75835 791fc1 75815->75835 75978 798a72 104 API calls 8 library calls 75815->75978 75817 791ef9 75979 798a72 104 API calls 8 library calls 75817->75979 75819 791f1c 75980 798a72 104 API calls 8 library calls 75819->75980 75821 791f36 75981 798a72 104 API calls 8 library calls 75821->75981 75823 791f46 75982 798a72 104 API calls 8 library calls 75823->75982 75825 791f56 75983 798a72 104 API calls 8 library calls 75825->75983 75827 791f6f 75984 798a72 104 API calls 8 library calls 75827->75984 75829 791f7f 75985 798a72 104 API calls 8 library calls 75829->75985 75831 791f8f 75986 798a72 104 API calls 8 library calls 75831->75986 75833 791f99 75987 798a72 104 API calls 8 library calls 75833->75987 75835->75702 75837 7925ce _memset 75836->75837 75838 798bb6 __wgetenv 99 API calls 75837->75838 75839 7925e0 75838->75839 75840 792601 75839->75840 75841 7925e7 75839->75841 75843 793904 97 API calls 75840->75843 75842 7925f6 75841->75842 75845 79394b 97 API calls 75841->75845 75844 7996e8 __validdrive 5 API calls 75842->75844 75847 792611 __tzset_nolock 75843->75847 75846 792958 75844->75846 75845->75842 75883 794ae2 75846->75883 75851 792782 _strlen 75847->75851 75988 795fdf 102 API calls 2 library calls 75847->75988 75849 7927f0 _strlen 75850 792836 75849->75850 75861 793904 97 API calls 75849->75861 75853 79394b 97 API calls 75850->75853 75856 79285c 75850->75856 75851->75849 75851->75850 75857 793904 97 API calls 75851->75857 75852 79275c 75852->75851 75989 793ba3 105 API calls 5 library calls 75852->75989 75853->75856 75854 792868 75992 796179 66 API calls _free 75854->75992 75856->75854 
75993 796569 97 API calls 2 library calls 75856->75993 75865 7927d8 _strcat 75857->75865 75859 792779 75862 798a0a 66 API calls 75859->75862 75866 79281e _strcat 75861->75866 75862->75851 75863 792883 75994 793eae 109 API calls 75863->75994 75990 799007 109 API calls 3 library calls 75865->75990 75991 799007 109 API calls 3 library calls 75866->75991 75868 79289e 75870 793971 99 API calls 75868->75870 75871 7928d4 75870->75871 75875 7928f3 _strlen 75871->75875 75995 796412 100 API calls __mbschr_l 75871->75995 75874 7928e9 75874->75854 75874->75875 75877 792918 75875->75877 75878 792960 75875->75878 75876 79292f 75997 794022 129 API calls 9 library calls 75876->75997 75996 799007 109 API calls 3 library calls 75877->75996 75880 792938 75998 796179 66 API calls _free 75880->75998 75882 79293d 75882->75842 75888 794b03 __tzset_nolock 75883->75888 75892 794b92 __tzset_nolock 75883->75892 75885 793ba3 105 API calls 75885->75892 75888->75892 76114 793ba3 105 API calls 5 library calls 75888->76114 75890 798a0a 66 API calls 75890->75892 75892->75885 75892->75890 75895 794c51 75892->75895 75999 7947b7 75892->75999 76054 793b5d 75892->76054 76058 792f8a 75892->76058 76085 792312 75892->76085 76103 794746 75892->76103 75894 7934de 75894->75714 75961 7910e3 139 API calls 3 library calls 75894->75961 75895->75894 75896 793a06 85 API calls 75895->75896 75896->75895 75898 793971 99 API calls 75897->75898 75899 794dd7 75898->75899 76755 794cdb 75899->76755 75902 794ded 76772 793ba3 105 API calls 5 library calls 75902->76772 75903 794df7 GetProcAddress GetProcAddress 75904 794e1e 75903->75904 75904->75902 75905 794e22 75904->75905 75907 794e33 75905->75907 75907->75719 75909 79355f 75908->75909 75910 79397a 75908->75910 75909->75726 75909->75727 76803 79a1ef 99 API calls _vwprintf_helper 75910->76803 75917 79298f __tzset_nolock _strlen 75912->75917 75913 792dc1 76806 793ba3 105 API calls 5 library calls 75913->76806 75916 792d9f 75916->75718 75916->75737 75970 7913bf 132 API calls 
2 library calls 75916->75970 75917->75913 75917->75916 75918 792dee 75917->75918 75920 7994e1 102 API calls _sprintf 75917->75920 75921 793904 97 API calls 75917->75921 75922 79129b 97 API calls 75917->75922 76804 793ba3 105 API calls 5 library calls 75917->76804 76805 7913bf 132 API calls 2 library calls 75917->76805 76807 791fc3 104 API calls 3 library calls 75918->76807 75920->75917 75921->75917 75922->75917 75925 791939 _strlen 75924->75925 75929 7919bc 75924->75929 75926 793904 97 API calls 75925->75926 75927 791977 75926->75927 75928 79129b 97 API calls 75927->75928 75928->75929 75930 7919c3 75929->75930 75931 79129b 97 API calls 75930->75931 75932 7919cf 75931->75932 75932->75742 76808 791dae 75933->76808 75935 794486 76843 793339 75935->76843 75939 7996f0 75938->75939 75940 7996f2 IsDebuggerPresent 75938->75940 75939->75721 77139 7a536a 75940->77139 75943 7a14a9 SetUnhandledExceptionFilter UnhandledExceptionFilter 75944 7a14ce GetCurrentProcess TerminateProcess 75943->75944 75945 7a14c6 __call_reportfault 75943->75945 75944->75721 75945->75944 75946->75706 75947->75706 75949 7912af 75948->75949 75954 7912c9 _memmove 75948->75954 75950 7912b8 75949->75950 75951 7912d1 75949->75951 75952 793904 97 API calls 75950->75952 75953 793904 97 API calls 75951->75953 75952->75954 75953->75954 75956 791347 75954->75956 77140 7911d2 66 API calls 2 library calls 75954->77140 75959 791377 75956->75959 77141 7911d2 66 API calls 2 library calls 75956->77141 75958 7913a7 75958->75703 75959->75958 77142 7911d2 66 API calls 2 library calls 75959->77142 75961->75714 75963 793afe 75962->75963 75964 793ae7 QueryPerformanceFrequency 75962->75964 75965 793b0d QueryPerformanceCounter 75963->75965 75966 793b07 75963->75966 75964->75963 75965->75715 75966->75715 75967->75731 75968->75734 75969->75734 75970->75737 75972 79444f InitCommonControlsEx 75971->75972 75973 79398b 75972->75973 75974 798bb6 __wgetenv 99 API calls 75973->75974 75975 793997 75974->75975 75976 793452 75975->75976 
75977 793971 99 API calls 75975->75977 75976->75814 75977->75976 75978->75817 75979->75819 75980->75821 75981->75823 75982->75825 75983->75827 75984->75829 75985->75831 75986->75833 75987->75835 75988->75852 75989->75859 75990->75849 75991->75850 75992->75842 75993->75863 75994->75868 75995->75874 75996->75876 75997->75880 75998->75882 76115 793a4e GetModuleFileNameA 75999->76115 76001 7947e5 76002 79489a RegOpenKeyExA 76001->76002 76005 793b5d 102 API calls 76001->76005 76003 7948be 76002->76003 76004 7948f0 76002->76004 76184 793ba3 105 API calls 5 library calls 76003->76184 76186 793a87 RegQueryValueExA RegQueryValueExA 76004->76186 76007 794807 76005->76007 76117 79a3a5 76007->76117 76009 7948c9 76185 793ba3 105 API calls 5 library calls 76009->76185 76011 794909 76013 794910 76011->76013 76021 794928 __tzset_nolock 76011->76021 76012 794817 76015 79481f 76012->76015 76016 794832 _strlen 76012->76016 76187 793ba3 105 API calls 5 library calls 76013->76187 76018 793971 99 API calls 76015->76018 76023 794843 76016->76023 76024 794855 76016->76024 76022 794829 76018->76022 76019 79491b RegCloseKey 76019->76009 76027 79495d RegOpenKeyExA 76021->76027 76028 794940 76021->76028 76025 7996e8 __validdrive 5 API calls 76022->76025 76026 793971 99 API calls 76023->76026 76029 793b5d 102 API calls 76024->76029 76030 7948e8 76025->76030 76026->76022 76032 79498b 76027->76032 76033 794974 76027->76033 76188 793ba3 105 API calls 5 library calls 76028->76188 76031 794868 76029->76031 76030->75892 76035 79a3a5 __stat64i32 139 API calls 76031->76035 76190 793a87 RegQueryValueExA RegQueryValueExA 76032->76190 76189 793ba3 105 API calls 5 library calls 76033->76189 76039 794878 76035->76039 76037 7949a1 76043 7949d2 76037->76043 76191 793ba3 105 API calls 5 library calls 76037->76191 76039->76002 76040 79487f 76039->76040 76045 793971 99 API calls 76040->76045 76042 7949ba RegCloseKey RegCloseKey 76042->76043 76044 794a1f RegCloseKey RegCloseKey 76043->76044 76192 793a87 
RegQueryValueExA RegQueryValueExA 76043->76192 76046 793971 99 API calls 76044->76046 76045->76022 76048 794a3c 76046->76048 76049 7949f1 76050 794a02 76049->76050 76193 798a72 104 API calls 8 library calls 76049->76193 76194 798a72 104 API calls 8 library calls 76050->76194 76053 794a1c 76053->76044 76055 793b67 76054->76055 76056 793b82 76054->76056 76055->76056 76426 79a9c0 102 API calls __vsnprintf_l 76055->76426 76056->75892 76059 792fc3 76058->76059 76060 792fcc 76059->76060 76061 793ad9 2 API calls 76059->76061 76427 799f5a 76060->76427 76061->76060 76064 79300b 76430 799d66 76064->76430 76065 792fe6 76067 793003 76065->76067 76462 793ba3 105 API calls 5 library calls 76065->76462 76070 7996e8 __validdrive 5 API calls 76067->76070 76069 7932e4 76449 799c59 76069->76449 76072 793331 76070->76072 76071 792ffa 76074 798a0a 66 API calls 76071->76074 76072->75892 76074->76067 76075 799d66 _fgets 81 API calls 76084 79301a _strspn _memmove _strlen _strcspn 76075->76084 76076 7932ed 76076->76067 76077 793ad9 2 API calls 76076->76077 76078 793305 76077->76078 76463 798a72 104 API calls 8 library calls 76078->76463 76079 793904 97 API calls 76079->76084 76081 793ba3 105 API calls 76081->76084 76082 793971 99 API calls 76082->76084 76083 79394b 97 API calls 76083->76084 76084->76069 76084->76075 76084->76079 76084->76081 76084->76082 76084->76083 76086 798bb6 __wgetenv 99 API calls 76085->76086 76087 792329 76086->76087 76088 793904 97 API calls 76087->76088 76090 792340 __tzset_nolock 76088->76090 76089 79246a 76091 793971 99 API calls 76089->76091 76090->76089 76093 79249e 76090->76093 76098 792495 76091->76098 76092 7924ea 76094 792548 76092->76094 76097 7924f4 76092->76097 76093->76092 76095 7924fd 76093->76095 76093->76097 76093->76098 76094->76098 76754 793ba3 105 API calls 5 library calls 76094->76754 76095->76098 76752 793ba3 105 API calls 5 library calls 76095->76752 76097->76098 76753 793ba3 105 API calls 5 library calls 76097->76753 76098->75892 76101 79250d 
76102 798a0a 66 API calls 76101->76102 76102->76098 76105 79475e __mbschr_l 76103->76105 76104 794787 76106 793b5d 102 API calls 76104->76106 76105->76104 76108 794772 76105->76108 76107 794782 76106->76107 76109 79a3a5 __stat64i32 139 API calls 76107->76109 76110 793b5d 102 API calls 76108->76110 76111 7947a3 76109->76111 76110->76107 76112 7996e8 __validdrive 5 API calls 76111->76112 76113 7947b5 76112->76113 76113->75892 76114->75892 76116 793a68 _strrchr 76115->76116 76116->76001 76118 79a3f1 76117->76118 76119 79a3d5 76117->76119 76118->76119 76121 79a3f5 76118->76121 76217 79ab14 66 API calls __getptd_noexit 76119->76217 76195 7a469d 76121->76195 76122 79a3da 76218 79ab01 66 API calls __getptd_noexit 76122->76218 76126 79a3e1 76219 79d2d6 11 API calls __close 76126->76219 76127 79a406 76220 79ab01 66 API calls __getptd_noexit 76127->76220 76128 79a43c 76223 7a4451 68 API calls 4 library calls 76128->76223 76129 79a422 76129->76127 76222 7a45c5 82 API calls __mbctolower_l 76129->76222 76133 79a40b 76221 79ab14 66 API calls __getptd_noexit 76133->76221 76135 79a441 FindFirstFileExA 76138 79a548 76135->76138 76139 79a468 76135->76139 76137 79a436 76137->76135 76140 79a5b3 76138->76140 76144 79a560 76138->76144 76141 7a469d __stat64i32 76 API calls 76139->76141 76146 79a5cb FileTimeToLocalFileTime 76140->76146 76150 79a5c3 76140->76150 76145 79a479 76141->76145 76142 7996e8 __validdrive 5 API calls 76143 79a7fa 76142->76143 76143->76012 76227 7a41ca 76144->76227 76145->76127 76224 79a345 75 API calls 2 library calls 76145->76224 76147 79a7d1 GetLastError 76146->76147 76148 79a5e7 FileTimeToSystemTime 76146->76148 76255 79ab27 66 API calls 3 library calls 76147->76255 76148->76147 76151 79a603 76148->76151 76156 79a661 FileTimeToLocalFileTime 76150->76156 76158 79a653 76150->76158 76198 7a41ea 76151->76198 76156->76147 76160 79a67d FileTimeToSystemTime 76156->76160 76157 79a7dd FindClose 76173 79a3ec 76157->76173 76167 79a6f7 FileTimeToLocalFileTime 76158->76167 
76179 79a6e9 FindClose 76158->76179 76159 79a590 76230 7a35d2 115 API calls 6 library calls 76159->76230 76160->76147 76164 79a699 76160->76164 76161 79a52b 76161->76127 76226 798dd0 66 API calls 2 library calls 76161->76226 76162 79a498 _IsRootUNCName _strlen 76162->76161 76170 79a4ba GetDriveTypeA 76162->76170 76166 7a41ea ___loctotime64_t 102 API calls 76164->76166 76165 79a59c 76231 7a2135 76165->76231 76166->76158 76167->76147 76169 79a713 FileTimeToSystemTime 76167->76169 76169->76147 76172 79a72f 76169->76172 76170->76161 76178 79a4c6 76170->76178 76175 7a41ea ___loctotime64_t 102 API calls 76172->76175 76173->76142 76175->76179 76176 79a77b 76254 7a3515 85 API calls ___dtoxmode 76176->76254 76177 79a4d9 76182 7a41ea ___loctotime64_t 102 API calls 76177->76182 76178->76177 76225 798dd0 66 API calls 2 library calls 76178->76225 76179->76176 76183 79a509 76182->76183 76183->76176 76184->76009 76185->76022 76186->76011 76187->76019 76188->76019 76189->76019 76190->76037 76191->76042 76192->76049 76193->76050 76194->76053 76256 7a45d8 76195->76256 76197 79a400 76197->76127 76197->76128 76197->76129 76199 7a4432 76198->76199 76204 7a4222 76198->76204 76314 79ab01 66 API calls __getptd_noexit 76199->76314 76201 7a4413 76202 7996e8 __validdrive 5 API calls 76201->76202 76203 7a444f 76202->76203 76203->76150 76204->76199 76295 7a887b 76204->76295 76206 7a42fd 76303 7a890b 66 API calls 2 library calls 76206->76303 76208 7a4306 76209 7a4426 76208->76209 76304 7a8938 66 API calls 2 library calls 76208->76304 76313 79d284 10 API calls __call_reportfault 76209->76313 76212 7a4318 76212->76209 76305 7a8965 76212->76305 76214 7a432a 76214->76209 76215 7a4333 ___loctotime64_t 76214->76215 76215->76201 76312 7a88ca 66 API calls 4 library calls 76215->76312 76217->76122 76218->76126 76219->76173 76220->76133 76221->76173 76222->76137 76223->76135 76224->76162 76225->76177 76226->76127 76357 7a4106 76227->76357 76229 79a578 76229->76127 76229->76159 76230->76165 76232 7a2141 
__tzset_nolock 76231->76232 76233 7a2149 76232->76233 76234 7a2164 76232->76234 76398 79ab14 66 API calls __getptd_noexit 76233->76398 76236 7a2170 76234->76236 76239 7a21aa 76234->76239 76400 79ab14 66 API calls __getptd_noexit 76236->76400 76237 7a214e 76399 79ab01 66 API calls __getptd_noexit 76237->76399 76373 7a29ee 76239->76373 76241 7a2175 76401 79ab01 66 API calls __getptd_noexit 76241->76401 76243 7a2156 __tzset_nolock 76243->76173 76245 7a217d 76402 79d2d6 11 API calls __close 76245->76402 76246 7a21b0 76248 7a21ca 76246->76248 76249 7a21be 76246->76249 76403 79ab01 66 API calls __getptd_noexit 76248->76403 76383 7a2099 76249->76383 76252 7a21c4 76404 7a21f1 LeaveCriticalSection __unlock_fhandle 76252->76404 76254->76173 76255->76157 76263 79ca70 76256->76263 76260 7a4615 76272 79d2d6 11 API calls __close 76260->76272 76262 7a45f7 _strpbrk 76262->76197 76264 79ca83 76263->76264 76265 79cad0 76263->76265 76273 79d50a 76264->76273 76265->76262 76271 79ab01 66 API calls __getptd_noexit 76265->76271 76267 79ca88 76268 79cab0 76267->76268 76278 7a51e6 74 API calls 6 library calls 76267->76278 76268->76265 76279 7a4a65 68 API calls 6 library calls 76268->76279 76271->76260 76272->76262 76280 79d491 GetLastError 76273->76280 76275 79d512 76276 79d51f 76275->76276 76294 798a54 66 API calls 3 library calls 76275->76294 76276->76267 76278->76268 76279->76265 76281 79d34f ___set_flsgetvalue TlsGetValue DecodePointer TlsSetValue 76280->76281 76282 79d4a8 76281->76282 76283 79d4fe SetLastError 76282->76283 76284 79fe3d __calloc_crt 62 API calls 76282->76284 76283->76275 76285 79d4bc 76284->76285 76285->76283 76286 79d4c4 DecodePointer 76285->76286 76287 79d4d9 76286->76287 76288 79d4dd 76287->76288 76289 79d4f5 76287->76289 76290 79d3dd __initptd 62 API calls 76288->76290 76291 798dd0 _free 62 API calls 76289->76291 76292 79d4e5 GetCurrentThreadId 76290->76292 76293 79d4fb 76291->76293 76292->76283 76293->76283 76296 7a8887 __tzset_nolock 76295->76296 76297 7a88bb 
__tzset_nolock 76296->76297 76298 79ceac __lock 66 API calls 76296->76298 76297->76206 76299 7a8898 76298->76299 76300 7a88a9 76299->76300 76315 7a819a 76299->76315 76345 7a88c1 LeaveCriticalSection _doexit 76300->76345 76303->76208 76304->76212 76306 7a8971 76305->76306 76307 7a8986 76305->76307 76355 79ab01 66 API calls __getptd_noexit 76306->76355 76307->76214 76309 7a8976 76356 79d2d6 11 API calls __close 76309->76356 76311 7a8981 76311->76214 76312->76201 76313->76199 76314->76201 76316 7a81a6 __tzset_nolock 76315->76316 76317 79ceac __lock 66 API calls 76316->76317 76318 7a81c1 __tzset_nolock 76317->76318 76319 7a8965 ___loctotime64_t 66 API calls 76318->76319 76320 7a81d6 76319->76320 76343 7a829e 76320->76343 76346 7a890b 66 API calls 2 library calls 76320->76346 76323 7a81e8 76323->76343 76347 7a8938 66 API calls 2 library calls 76323->76347 76324 7a82be GetTimeZoneInformation 76337 7a8293 __tzset_nolock 76324->76337 76327 7a81fa 76327->76343 76348 7a91dc 74 API calls 2 library calls 76327->76348 76328 7a8325 WideCharToMultiByte 76328->76337 76330 7a8208 76349 798b2f 99 API calls 3 library calls 76330->76349 76332 7a835d WideCharToMultiByte 76332->76337 76334 7a8261 _strlen 76338 79fdf8 __malloc_crt 66 API calls 76334->76338 76335 7a848e __tzset_nolock 76335->76300 76336 7a46b4 66 API calls __tzset_nolock 76336->76337 76337->76324 76337->76328 76337->76332 76337->76335 76337->76336 76337->76343 76344 7ab400 79 API calls __tzset_nolock 76337->76344 76353 798dd0 66 API calls 2 library calls 76337->76353 76354 7a841d LeaveCriticalSection _doexit 76337->76354 76341 7a826f _strlen 76338->76341 76339 7a822a __tzset_nolock 76339->76334 76339->76337 76350 798dd0 66 API calls 2 library calls 76339->76350 76341->76337 76351 79ee39 66 API calls 2 library calls 76341->76351 76352 79d284 10 API calls __call_reportfault 76343->76352 76344->76337 76345->76297 76346->76323 76347->76327 76348->76330 76349->76339 76350->76334 76351->76337 76352->76337 76353->76337 
76354->76337 76355->76309 76356->76311 76358 7a4112 __tzset_nolock 76357->76358 76359 7a4125 76358->76359 76362 7a415b __tsopen_nolock 76358->76362 76370 79ab01 66 API calls __getptd_noexit 76359->76370 76361 7a412a 76371 79d2d6 11 API calls __close 76361->76371 76366 7a419c 76362->76366 76365 7a4134 __tzset_nolock 76365->76229 76367 7a41c8 76366->76367 76368 7a41a1 76366->76368 76367->76365 76372 7a2a8d LeaveCriticalSection 76368->76372 76370->76361 76371->76365 76372->76367 76374 7a29fa __tzset_nolock 76373->76374 76375 7a2a54 76374->76375 76376 79ceac __lock 66 API calls 76374->76376 76377 7a2a59 EnterCriticalSection 76375->76377 76378 7a2a76 __tzset_nolock 76375->76378 76379 7a2a26 76376->76379 76377->76378 76378->76246 76380 7a2a42 76379->76380 76381 7a2a2f InitializeCriticalSectionAndSpinCount 76379->76381 76405 7a2a84 LeaveCriticalSection _doexit 76380->76405 76381->76380 76406 7a2985 76383->76406 76385 7a20ff 76419 7a28ff 67 API calls 2 library calls 76385->76419 76386 7a20a9 76386->76385 76388 7a20dd 76386->76388 76391 7a2985 __lseeki64_nolock 66 API calls 76386->76391 76388->76385 76389 7a2985 __lseeki64_nolock 66 API calls 76388->76389 76392 7a20e9 CloseHandle 76389->76392 76390 7a2107 76393 7a2129 76390->76393 76420 79ab27 66 API calls 3 library calls 76390->76420 76394 7a20d4 76391->76394 76392->76385 76395 7a20f5 GetLastError 76392->76395 76393->76252 76397 7a2985 __lseeki64_nolock 66 API calls 76394->76397 76395->76385 76397->76388 76398->76237 76399->76243 76400->76241 76401->76245 76402->76243 76403->76252 76404->76243 76405->76375 76407 7a29aa 76406->76407 76408 7a2992 76406->76408 76413 7a29e9 76407->76413 76423 79ab14 66 API calls __getptd_noexit 76407->76423 76421 79ab14 66 API calls __getptd_noexit 76408->76421 76410 7a2997 76422 79ab01 66 API calls __getptd_noexit 76410->76422 76412 7a29bb 76424 79ab01 66 API calls __getptd_noexit 76412->76424 76413->76386 76416 7a299f 76416->76386 76417 7a29c3 76425 79d2d6 11 API calls __close 76417->76425 

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  control_flow_graph 466 794dc6-794deb call 793971 call 794cdb LoadLibraryA 471 794ded-794df5 466->471 472 794df7-794e1c GetProcAddress * 2 466->472 473 794e2e-794e36 call 793ba3 471->473 474 794e1e-794e20 472->474 475 794e26-794e29 472->475 478 794e37-794e39 473->478 474->475 476 794e22-794e24 474->476 475->473 476->478
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00793971: _vwprintf.LIBCMT ref: 00793983
                                                                                                                                                                                                    • Part of subcall function 00794CDB: _strlen.LIBCMT ref: 00794D21
                                                                                                                                                                                                    • Part of subcall function 00794CDB: _strlen.LIBCMT ref: 00794D2F
                                                                                                                                                                                                    • Part of subcall function 00794CDB: _strlen.LIBCMT ref: 00794D3A
                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(?), ref: 00794DE1
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,JNI_CreateJavaVM), ref: 00794E05
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,JNI_GetDefaultJavaVMInitArgs), ref: 00794E12
                                                                                                                                                                                                    • Part of subcall function 00793BA3: _vwprintf.LIBCMT ref: 00793BB8
                                                                                                                                                                                                    • Part of subcall function 00793BA3: _vswprintf_s.LIBCMT ref: 00793BD3
                                                                                                                                                                                                    • Part of subcall function 00793BA3: MessageBoxA.USER32(00000000,00000000,Java Virtual Machine Launcher,00000010), ref: 00793BE9
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • JNI_GetDefaultJavaVMInitArgs, xrefs: 00794E0A
                                                                                                                                                                                                  • Error: loading: %s, xrefs: 00794DF0
                                                                                                                                                                                                  • JVM path is %s, xrefs: 00794DCD
                                                                                                                                                                                                  • JNI_CreateJavaVM, xrefs: 00794DFF
                                                                                                                                                                                                  • Error: can't find JNI interfaces in: %s, xrefs: 00794E29
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2105675209.0000000000791000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105651111.0000000000790000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105703592.00000000007AC000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105726047.00000000007B4000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105746956.00000000007B8000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_790000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _strlen$AddressProc_vwprintf$LibraryLoadMessage_vswprintf_s
                                                                                                                                                                                                  • String ID: Error: can't find JNI interfaces in: %s$Error: loading: %s$JNI_CreateJavaVM$JNI_GetDefaultJavaVMInitArgs$JVM path is %s
                                                                                                                                                                                                  • API String ID: 888266038-3810690643
                                                                                                                                                                                                  • Opcode ID: 06ed0d270f0ce087742d05e5f6efceacc9f4a629f88b4888612fe01ac6a0653d
                                                                                                                                                                                                  • Instruction ID: 64665f35ba1bcf7721b682d26a720386d3a6b49b2d8bc67c6a722cad78174021
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 06ed0d270f0ce087742d05e5f6efceacc9f4a629f88b4888612fe01ac6a0653d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 61F04CB6104305FFCF212FA4FC01D9BBBDCEF96760B10801AF50556051DABDE8429B50

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B996F4F
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • _CxxThrowException.MSVCR100(?,6B9F9388), ref: 6B99733E
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionThrow$CreateCurrentEnv@8EventH_prolog3_catchObjectSingleThreadWait
                                                                                                                                                                                                  • String ID: ()Ljava/awt/Font;$()Ljava/awt/Point;$()Ljava/awt/Toolkit;$()V$()Z$()[I$Ljava/awt/Color;$Ljava/awt/Container;$Ljava/awt/Cursor;$Ljava/awt/GraphicsConfiguration;$Ljava/awt/peer/ComponentPeer;$Lsun/awt/AppContext;$Lsun/awt/Win32GraphicsConfig;$appContext$background$cursor$disposeLater$enabled$focusable$foreground$getButtonDownMasks$getFont_NoClientCode$getLocationOnScreen_NoTreeLock$getToolkitImpl$graphicsConfig$height$hwnd$isEnabledImpl$java/awt/event/InputEvent$parent$peer$replaceSurfaceData$replaceSurfaceDataLater$sun/awt/windows/WComponentPeer$visible$width$winGraphicsConfig

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00793AD9: QueryPerformanceFrequency.KERNEL32(007B5498,?,?,?,0079172C,00000000,checkAndLoadMain,(ZILjava/lang/String;)Ljava/lang/Class;), ref: 00793AEC
                                                                                                                                                                                                  • _fgets.LIBCMT ref: 00793015
                                                                                                                                                                                                  • _memmove.LIBCMT ref: 00793093
                                                                                                                                                                                                  • _strlen.LIBCMT ref: 007930BA
                                                                                                                                                                                                  • _strcspn.LIBCMT ref: 007930D0
                                                                                                                                                                                                  • _strspn.LIBCMT ref: 007930EC
                                                                                                                                                                                                    • Part of subcall function 00793BA3: _vwprintf.LIBCMT ref: 00793BB8
                                                                                                                                                                                                    • Part of subcall function 00793BA3: _vswprintf_s.LIBCMT ref: 00793BD3
                                                                                                                                                                                                    • Part of subcall function 00793BA3: MessageBoxA.USER32(00000000,00000000,Java Virtual Machine Launcher,00000010), ref: 00793BE9
                                                                                                                                                                                                    • Part of subcall function 007939B8: _strlen.LIBCMT ref: 007939BC
                                                                                                                                                                                                    • Part of subcall function 007939B8: _strncmp.LIBCMT ref: 007939CA
                                                                                                                                                                                                  • _strcspn.LIBCMT ref: 0079313F
                                                                                                                                                                                                  • _strspn.LIBCMT ref: 00793154
                                                                                                                                                                                                  • _strcspn.LIBCMT ref: 0079316C
                                                                                                                                                                                                  • _fgets.LIBCMT ref: 007932D4
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • VM_ALIASED_TO, xrefs: 007932A6
                                                                                                                                                                                                  • Warning: Missing VM type on line %d of `%s', xrefs: 00793100
                                                                                                                                                                                                  • WARN, xrefs: 0079317F
                                                                                                                                                                                                  • name: %s vmType: %s alias: %s, xrefs: 007932B2
                                                                                                                                                                                                  • jvm.cfg[%d] = ->%s<-, xrefs: 00793242
                                                                                                                                                                                                  • KNOWN, xrefs: 00793112
                                                                                                                                                                                                  • ERROR, xrefs: 007931AC
                                                                                                                                                                                                  • IF_SERVER_CLASS, xrefs: 007931C1
                                                                                                                                                                                                  • Warning: Unknown VM type on line %d of `%s', xrefs: 0079322C
                                                                                                                                                                                                  • %ld micro seconds to parse jvm.cfg, xrefs: 00793313
                                                                                                                                                                                                  • VM_IF_SERVER_CLASS, xrefs: 00793284
                                                                                                                                                                                                  • Warning: Missing server class VM on line %d of `%s', xrefs: 00793202
                                                                                                                                                                                                  • Warning: No leading - on line %d of `%s', xrefs: 00793045
                                                                                                                                                                                                  • IGNORE, xrefs: 00793197
                                                                                                                                                                                                  • Error: could not open `%s', xrefs: 00792FF0
                                                                                                                                                                                                  • name: %s vmType: %s server_class: %s, xrefs: 00793290
                                                                                                                                                                                                  • ALIASED_TO, xrefs: 00793127
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2105675209.0000000000791000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_790000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _strcspn$_fgets_strlen_strspn$FrequencyMessagePerformanceQuery_memmove_strncmp_vswprintf_s_vwprintf
                                                                                                                                                                                                  • String ID: name: %s vmType: %s alias: %s$ name: %s vmType: %s server_class: %s$%ld micro seconds to parse jvm.cfg$ALIASED_TO$ERROR$Error: could not open `%s'$IF_SERVER_CLASS$IGNORE$KNOWN$VM_ALIASED_TO$VM_IF_SERVER_CLASS$WARN$Warning: Missing VM type on line %d of `%s'$Warning: Missing server class VM on line %d of `%s'$Warning: No leading - on line %d of `%s'$Warning: Unknown VM type on line %d of `%s'$jvm.cfg[%d] = ->%s<-

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 00793A4E: GetModuleFileNameA.KERNEL32(00000000,?,?,?,007947E5,?,?,?,00000104), ref: 00793A5A
                                                                                                                                                                                                    • Part of subcall function 00793A4E: _strrchr.LIBCMT ref: 00793A63
                                                                                                                                                                                                    • Part of subcall function 00793A4E: _strrchr.LIBCMT ref: 00793A6E
                                                                                                                                                                                                  • RegOpenKeyExA.ADVAPI32(80000002,Software\JavaSoft\Java Runtime Environment,00000000,00020019,?,_JAVA_SPLASH_FILE,?,00000104), ref: 007948B8
                                                                                                                                                                                                    • Part of subcall function 00793B5D: _vswprintf_s.LIBCMT ref: 00793B7D
                                                                                                                                                                                                  • __stat64i32.LIBCMT ref: 00794812
                                                                                                                                                                                                  • _strlen.LIBCMT ref: 00794832
                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00794920
                                                                                                                                                                                                  • RegOpenKeyExA.ADVAPI32(?,?,00000000,00020019,?), ref: 0079496E
                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 007949C6
                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00794A28
                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00794A2D
                                                                                                                                                                                                    • Part of subcall function 00793A87: RegQueryValueExA.ADVAPI32(?,?,00000000,?,00000000,00000104,Software\JavaSoft\Java Runtime Environment,?,?,?,00794909,?,CurrentVersion,?,00000104), ref: 00793AA5
                                                                                                                                                                                                    • Part of subcall function 00793A87: RegQueryValueExA.ADVAPI32(00000001,?,00000000,00000000,?,00000104,?,?,?,00794909,?,CurrentVersion), ref: 00793ACA
                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 007949CB
                                                                                                                                                                                                    • Part of subcall function 00793971: _vwprintf.LIBCMT ref: 00793983
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2105675209.0000000000791000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_790000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Close$OpenQueryValue_strrchr$FileModuleName__stat64i32_strlen_vswprintf_s_vwprintf
                                                                                                                                                                                                  • String ID: %s\bin\java.dll$%s\jre\bin\java.dll$CurrentVersion$Error: Failed reading value of registry key:%s\CurrentVersion$Error: Registry key '%s'\CurrentVersion'has value '%s', but '%s' is required.$Error: could not find java.dll$Error: opening registry key '%s'$Failed reading value of registry key:%s\%s\JavaHome$Insufficient space to store JRE path$JRE path is %s$JavaHome$MicroVersion$Software\JavaSoft\Java Runtime Environment$Version major.minor.micro = %s.%s$Warning: Can't read MicroVersion$\jre$_JAVA_SPLASH_FILE
                                                                                                                                                                                                  • API String ID: 3601377668-3297123116
                                                                                                                                                                                                  • Opcode ID: 67e79c474f14cc33338ec8f9711480564978efae2d03dad3ba309c9505e63e04
                                                                                                                                                                                                  • Instruction ID: 73ed16819d66084c9ee625a09ea49c84038ca06ec8b99c836c656c2ccfc345ae
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 67e79c474f14cc33338ec8f9711480564978efae2d03dad3ba309c9505e63e04
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1451BEB2845108EAEF30BBA4BC4AEDE3B6CDF56354F100156F50A97082EA7D6A15CB61

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  control_flow_graph 372 794f6f-794f8f call 79af5a 374 794f94-794f9c 372->374 375 794fb8-794fbe 374->375 376 794f9e-794fb5 call 79af5a 374->376 378 795051-795056 375->378 379 794fc4-794fd6 call 798bb6 375->379 376->375 380 795058-795073 WaitForSingleObject GetExitCodeThread CloseHandle 378->380 381 795075-79507b 378->381 389 794fd8-794fe3 call 7ab3b9 379->389 390 794feb-794ffb call 798bb6 379->390 384 79507e-795086 380->384 381->384 387 795088 call 794472 384->387 388 79508d-795091 384->388 387->388 389->390 398 794fe5 389->398 396 794ffd-795008 call 7ab3b9 390->396 397 795010-795016 390->397 396->397 406 79500a 396->406 400 795018-795020 397->400 401 795043 397->401 398->390 403 795050 400->403 404 795022-795031 call 7ab3b9 400->404 401->403 405 795045-79504f call 794e3a 401->405 403->378 411 79503d 404->411 412 795033 404->412 405->403 406->397 411->401 412->411
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __wgetenv.LIBCMT ref: 00794FC9
                                                                                                                                                                                                  • __wgetenv.LIBCMT ref: 00794FF1
                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?), ref: 0079505B
                                                                                                                                                                                                  • GetExitCodeThread.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 00795066
                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?), ref: 0079506D
                                                                                                                                                                                                    • Part of subcall function 0079AF5A: ___set_flsgetvalue.LIBCMT ref: 0079AF7F
                                                                                                                                                                                                    • Part of subcall function 0079AF5A: __calloc_crt.LIBCMT ref: 0079AF8B
                                                                                                                                                                                                    • Part of subcall function 0079AF5A: __getptd.LIBCMT ref: 0079AF98
                                                                                                                                                                                                    • Part of subcall function 0079AF5A: __initptd.LIBCMT ref: 0079AFA1
                                                                                                                                                                                                    • Part of subcall function 0079AF5A: CreateThread.KERNEL32(?,?,0079AEF5,00000000,?,?), ref: 0079AFCF
                                                                                                                                                                                                    • Part of subcall function 0079AF5A: GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 0079AFD9
                                                                                                                                                                                                    • Part of subcall function 0079AF5A: _free.LIBCMT ref: 0079AFE2
                                                                                                                                                                                                    • Part of subcall function 0079AF5A: __dosmaperr.LIBCMT ref: 0079AFED
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2105675209.0000000000791000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105651111.0000000000790000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105703592.00000000007AC000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105726047.00000000007B4000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105746956.00000000007B8000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_790000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Thread__wgetenv$CloseCodeCreateErrorExitHandleLastObjectSingleWait___set_flsgetvalue__calloc_crt__dosmaperr__getptd__initptd_free
                                                                                                                                                                                                  • String ID: J2D_D3D$J2D_D3D_PRELOAD$false$preloadD3D$true
                                                                                                                                                                                                  • API String ID: 2452802370-3397395437
                                                                                                                                                                                                  • Opcode ID: c707b47463a9543e41ed567c7a2a6658ce233b8dcbe9a948063f09ca28ea4e90
                                                                                                                                                                                                  • Instruction ID: b8115cc3730bf17b6d3751924d7f223b04ee17314ab7a2751a5bf5bd999a620f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c707b47463a9543e41ed567c7a2a6658ce233b8dcbe9a948063f09ca28ea4e90
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B931D371800615FFCF22AFA8BC49E9F7BB8EB82320B204355F504A6151E73D89418795

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  control_flow_graph 413 794cdb-794cfe 414 794dae 413->414 415 794d04-794d15 call 7947b7 413->415 416 794db0-794dc5 call 7996e8 414->416 420 794d1b-794d46 call 799060 * 3 415->420 421 794da4 415->421 429 794d48-794d4d call 793ba3 420->429 430 794d57-794d83 call 799600 call 793971 call 79ae7d 420->430 421->414 433 794d52-794d55 429->433 430->421 439 794d85-794d91 LoadLibraryA 430->439 433->416 439->421 440 794d93-794da2 call 793ba3 439->440 440->433
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 007947B7: __stat64i32.LIBCMT ref: 00794812
                                                                                                                                                                                                  • _strlen.LIBCMT ref: 00794D21
                                                                                                                                                                                                  • _strlen.LIBCMT ref: 00794D2F
                                                                                                                                                                                                  • _strlen.LIBCMT ref: 00794D3A
                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(?,?,?,?,?,?,\bin\verify.dll), ref: 00794D89
                                                                                                                                                                                                    • Part of subcall function 00793BA3: _vwprintf.LIBCMT ref: 00793BB8
                                                                                                                                                                                                    • Part of subcall function 00793BA3: _vswprintf_s.LIBCMT ref: 00793BD3
                                                                                                                                                                                                    • Part of subcall function 00793BA3: MessageBoxA.USER32(00000000,00000000,Java Virtual Machine Launcher,00000010), ref: 00793BE9
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2105675209.0000000000791000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105651111.0000000000790000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105703592.00000000007AC000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105726047.00000000007B4000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105746956.00000000007B8000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_790000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _strlen$LibraryLoadMessage__stat64i32_vswprintf_s_vwprintf
                                                                                                                                                                                                  • String ID: CRT path is %s$Error: Path length exceeds maximum length (PATH_MAX)$Error: loading: %s$\bin\msvcr100.dll$\bin\verify.dll$msvcr100.dll
                                                                                                                                                                                                  • API String ID: 3923379734-173101456
                                                                                                                                                                                                  • Opcode ID: 8ea5bea4eb5e27e1e885f93407c2d944a4a13f83f2384a65b9b78a244e3172a1
                                                                                                                                                                                                  • Instruction ID: 969d9182fd8f49502233a6cb3fc6ed37c6a1d180190b1f30dc8cb1fe3bc47796
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8ea5bea4eb5e27e1e885f93407c2d944a4a13f83f2384a65b9b78a244e3172a1
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5C11B7B6640219EBDF20BBA8FC86FED33ACAF41718F100529F651D6181EF7C55498750

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  control_flow_graph 443 79141d-791456 call 799570 call 7939b2 448 791458-79147b call 798a72 * 2 443->448 449 7914c4-7914ea call 79396c 443->449 457 79147d 448->457 458 791482-7914a5 call 798a72 * 2 448->458 457->458 458->449 463 7914a7-7914c2 call 798a72 458->463 463->449
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _memset.LIBCMT ref: 0079142C
                                                                                                                                                                                                    • Part of subcall function 00798A72: __stbuf.LIBCMT ref: 00798AC0
                                                                                                                                                                                                    • Part of subcall function 00798A72: __ftbuf.LIBCMT ref: 00798AE9
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2105675209.0000000000791000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105651111.0000000000790000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105703592.00000000007AC000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105726047.00000000007B4000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105746956.00000000007B8000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_790000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: __ftbuf__stbuf_memset
                                                                                                                                                                                                  • String ID: option[%2d] = '%s'$JNI_FALSE$JNI_TRUE$JavaVM args: $ignoreUnrecognized is %s, $nOptions is %ld$version 0x%08lx,
                                                                                                                                                                                                  • API String ID: 2530426458-3298565182
                                                                                                                                                                                                  • Opcode ID: 8f7d7f3b06bf2e6412b075a297c9797a5b136132c7244d8a797c73e43f267fec
                                                                                                                                                                                                  • Instruction ID: 52a3736e6d201431758339e10a2e69d11bc8948fb898948f27bb009740bdc238
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8f7d7f3b06bf2e6412b075a297c9797a5b136132c7244d8a797c73e43f267fec
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 69112971D00254FBCF12EBE4AC06FAD7BA4EB09314F448154F805A7261E67DCA508B92

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  control_flow_graph 480 79af5a-79af68 481 79af6a-79af7c call 79ab01 call 79d2d6 480->481 482 79af7e-79af96 call 79d34f call 79fe3d 480->482 491 79aff6-79aff9 481->491 492 79af98-79afba call 79d50a call 79d3dd 482->492 493 79afe1-79afea call 798dd0 482->493 505 79afbc 492->505 506 79afbf-79afd7 CreateThread 492->506 498 79afec-79aff2 call 79ab27 493->498 499 79aff3 493->499 498->499 502 79aff5 499->502 502->491 505->506 506->502 507 79afd9-79afdf GetLastError 506->507 507->493
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ___set_flsgetvalue.LIBCMT ref: 0079AF7F
                                                                                                                                                                                                  • __calloc_crt.LIBCMT ref: 0079AF8B
                                                                                                                                                                                                  • __getptd.LIBCMT ref: 0079AF98
                                                                                                                                                                                                  • __initptd.LIBCMT ref: 0079AFA1
                                                                                                                                                                                                  • CreateThread.KERNEL32(?,?,0079AEF5,00000000,?,?), ref: 0079AFCF
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 0079AFD9
                                                                                                                                                                                                  • _free.LIBCMT ref: 0079AFE2
                                                                                                                                                                                                  • __dosmaperr.LIBCMT ref: 0079AFED
                                                                                                                                                                                                    • Part of subcall function 0079AB01: __getptd_noexit.LIBCMT ref: 0079AB01
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2105675209.0000000000791000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105651111.0000000000790000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105703592.00000000007AC000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105726047.00000000007B4000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105746956.00000000007B8000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_790000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__dosmaperr__getptd__getptd_noexit__initptd_free
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 73303432-0

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 0079443D: _memset.LIBCMT ref: 0079444A
                                                                                                                                                                                                    • Part of subcall function 0079443D: InitCommonControlsEx.COMCTL32(?), ref: 0079445D
                                                                                                                                                                                                    • Part of subcall function 00798A72: __stbuf.LIBCMT ref: 00798AC0
                                                                                                                                                                                                    • Part of subcall function 00798A72: __ftbuf.LIBCMT ref: 00798AE9
                                                                                                                                                                                                  • __wgetenv.LIBCMT ref: 007935AC
                                                                                                                                                                                                    • Part of subcall function 007913BF: _strlen.LIBCMT ref: 007913D1
                                                                                                                                                                                                    • Part of subcall function 007913BF: _strlen.LIBCMT ref: 007913DA
                                                                                                                                                                                                    • Part of subcall function 007913BF: _strlen.LIBCMT ref: 007913E7
                                                                                                                                                                                                    • Part of subcall function 007913BF: _sprintf.LIBCMT ref: 007913FE
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2105675209.0000000000791000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000009.00000002.2105651111.0000000000790000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000009.00000002.2105703592.00000000007AC000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000009.00000002.2105726047.00000000007B4000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000009.00000002.2105746956.00000000007B8000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_790000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _strlen$CommonControlsInit__ftbuf__stbuf__wgetenv_memset_sprintf
                                                                                                                                                                                                  • String ID: %ld micro seconds to LoadJavaVM$-Dsun.java.launcher.diag=true$CLASSPATH$Command line args:$argv[%d] = %s
                                                                                                                                                                                                  • API String ID: 2460755827-597257649

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ___set_flsgetvalue.LIBCMT ref: 0079AEFB
                                                                                                                                                                                                    • Part of subcall function 0079D34F: TlsGetValue.KERNEL32(?,0079AF00), ref: 0079D358
                                                                                                                                                                                                    • Part of subcall function 0079D34F: DecodePointer.KERNEL32(?,0079AF00), ref: 0079D36A
                                                                                                                                                                                                    • Part of subcall function 0079D34F: TlsSetValue.KERNEL32(00000000,?,0079AF00), ref: 0079D379
                                                                                                                                                                                                  • ___fls_getvalue@4.LIBCMT ref: 0079AF06
                                                                                                                                                                                                    • Part of subcall function 0079D32F: TlsGetValue.KERNEL32(?,?,0079AF0B,00000000), ref: 0079D33D
                                                                                                                                                                                                  • ___fls_setvalue@8.LIBCMT ref: 0079AF19
                                                                                                                                                                                                    • Part of subcall function 0079D383: DecodePointer.KERNEL32(?,?,?,0079AF1E,00000000,?,00000000), ref: 0079D394
                                                                                                                                                                                                  • GetLastError.KERNEL32(00000000,?,00000000), ref: 0079AF22
                                                                                                                                                                                                  • ExitThread.KERNEL32 ref: 0079AF29
                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 0079AF2F
                                                                                                                                                                                                  • __freefls@4.LIBCMT ref: 0079AF4F
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2105675209.0000000000791000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000009.00000002.2105651111.0000000000790000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000009.00000002.2105703592.00000000007AC000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000009.00000002.2105726047.00000000007B4000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000009.00000002.2105746956.00000000007B8000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_790000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Value$DecodePointerThread$CurrentErrorExitLast___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2383549826-0

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  control_flow_graph 730 6b9ab2cd-6b9ab2f7 RegOpenKeyExW 731 6b9ab2f9-6b9ab31c RegQueryValueExW 730->731 732 6b9ab344-6b9ab348 730->732 733 6b9ab33b-6b9ab33e RegCloseKey 731->733 734 6b9ab31e-6b9ab326 731->734 733->732 735 6b9ab328 734->735 736 6b9ab32e-6b9ab339 call 6b9d3e50 734->736 735->736 736->733
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • RegOpenKeyExW.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows,00000000,00000001,00000000), ref: 6B9AB2EF
                                                                                                                                                                                                  • RegQueryValueExW.KERNEL32(00000000,GDIProcessHandleQuota,00000000,00000000,?,?), ref: 6B9AB314
                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 6B9AB33E
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • GDIProcessHandleQuota, xrefs: 6B9AB305
                                                                                                                                                                                                  • SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, xrefs: 6B9AB2E0
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
• Associated: 00000009.00000002.2125584471.000000006B920000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000009.00000002.2125692771.000000006B9D9000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000009.00000002.2125730889.000000006BA14000.00000008.00000001.01000000.00000017.sdmp
• Associated: 00000009.00000002.2125756269.000000006BA16000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000009.00000002.2125781488.000000006BA17000.00000008.00000001.01000000.00000017.sdmp
• Associated: 00000009.00000002.2125806593.000000006BA18000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000009.00000002.2125831151.000000006BA19000.00000008.00000001.01000000.00000017.sdmp
• Associated: 00000009.00000002.2125859096.000000006BA1A000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000009.00000002.2125859096.000000006BA1D000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000009.00000002.2125903563.000000006BA40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CloseOpenQueryValue
                                                                                                                                                                                                  • String ID: GDIProcessHandleQuota$SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
                                                                                                                                                                                                  • API String ID: 3677997916-3108655066

                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                  control_flow_graph 739 7943ef-7943f7 740 7943f9-794406 GetModuleHandleA 739->740 741 794431-794435 739->741 742 794408-79440b 740->742 743 79440c-794420 GetProcAddress 740->743 745 79443b-79443c 741->745 743->741 744 794422-79442f call 793ba3 743->744 744->742
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(jvm.dll,?,00791502,?,sun/launcher/LauncherHelper,00791530,?,?), ref: 007943FE
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,JVM_FindClassFromBootLoader), ref: 00794413
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2105675209.0000000000791000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00790000, based on PE: true
• Associated: 00000009.00000002.2105651111.0000000000790000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000009.00000002.2105703592.00000000007AC000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000009.00000002.2105726047.00000000007B4000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000009.00000002.2105746956.00000000007B8000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_790000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                                                                  • String ID: Error: loading: %s$JVM_FindClassFromBootLoader$jvm.dll
                                                                                                                                                                                                  • API String ID: 1646373207-1240634009
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _strlen.LIBCMT ref: 00791523
                                                                                                                                                                                                    • Part of subcall function 00793BA3: _vwprintf.LIBCMT ref: 00793BB8
                                                                                                                                                                                                    • Part of subcall function 00793BA3: _vswprintf_s.LIBCMT ref: 00793BD3
                                                                                                                                                                                                    • Part of subcall function 00793BA3: MessageBoxA.USER32(00000000,00000000,Java Virtual Machine Launcher,00000010), ref: 00793BE9
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • (Z[B)Ljava/lang/String;, xrefs: 0079158D
                                                                                                                                                                                                  • Error: A JNI error has occurred, please check your installation and try again, xrefs: 00791539, 007915AA
                                                                                                                                                                                                  • makePlatformString, xrefs: 00791592
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2105675209.0000000000791000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105651111.0000000000790000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105703592.00000000007AC000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105726047.00000000007B4000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105746956.00000000007B8000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_790000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Message_strlen_vswprintf_s_vwprintf
                                                                                                                                                                                                  • String ID: (Z[B)Ljava/lang/String;$Error: A JNI error has occurred, please check your installation and try again$makePlatformString
                                                                                                                                                                                                  • API String ID: 1165818999-1765258479
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __stat64i32.LIBCMT ref: 0079479E
                                                                                                                                                                                                    • Part of subcall function 00793B5D: _vswprintf_s.LIBCMT ref: 00793B7D
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2105675209.0000000000791000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105651111.0000000000790000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105703592.00000000007AC000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105726047.00000000007B4000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105746956.00000000007B8000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_790000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: __stat64i32_vswprintf_s
                                                                                                                                                                                                  • String ID: %s\bin\%s\jvm.dll$%s\jvm.dll
                                                                                                                                                                                                  • API String ID: 2146080085-3784575571
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __getptd_noexit.LIBCMT ref: 0079AE9A
                                                                                                                                                                                                    • Part of subcall function 0079D491: GetLastError.KERNEL32(00000001,00000000,0079AB06,0079A0B2,00000000,?,0079FE09,?,00000001,?,?,0079CE37,00000018,007B2708,0000000C,0079CEC7), ref: 0079D495
                                                                                                                                                                                                    • Part of subcall function 0079D491: ___set_flsgetvalue.LIBCMT ref: 0079D4A3
                                                                                                                                                                                                    • Part of subcall function 0079D491: __calloc_crt.LIBCMT ref: 0079D4B7
                                                                                                                                                                                                    • Part of subcall function 0079D491: DecodePointer.KERNEL32(00000000,?,0079FE09,?,00000001,?,?,0079CE37,00000018,007B2708,0000000C,0079CEC7,?,?,?,0079D5B5), ref: 0079D4D1
                                                                                                                                                                                                    • Part of subcall function 0079D491: __initptd.LIBCMT ref: 0079D4E0
                                                                                                                                                                                                    • Part of subcall function 0079D491: GetCurrentThreadId.KERNEL32 ref: 0079D4E7
                                                                                                                                                                                                    • Part of subcall function 0079D491: SetLastError.KERNEL32(00000000,?,0079FE09,?,00000001,?,?,0079CE37,00000018,007B2708,0000000C,0079CEC7,?,?,?,0079D5B5), ref: 0079D4FF
                                                                                                                                                                                                  • __freeptd.LIBCMT ref: 0079AEA4
                                                                                                                                                                                                    • Part of subcall function 0079D653: TlsGetValue.KERNEL32(?,?,0079AEA9,00000000,?,0079AED5,00000000), ref: 0079D674
                                                                                                                                                                                                    • Part of subcall function 0079D653: TlsGetValue.KERNEL32(?,?,0079AEA9,00000000,?,0079AED5,00000000), ref: 0079D686
                                                                                                                                                                                                    • Part of subcall function 0079D653: DecodePointer.KERNEL32(00000000,?,0079AEA9,00000000,?,0079AED5,00000000), ref: 0079D69C
                                                                                                                                                                                                    • Part of subcall function 0079D653: __freefls@4.LIBCMT ref: 0079D6A7
                                                                                                                                                                                                    • Part of subcall function 0079D653: TlsSetValue.KERNEL32(00000002,00000000,?,0079AEA9,00000000,?,0079AED5,00000000), ref: 0079D6B9
                                                                                                                                                                                                  • ExitThread.KERNEL32 ref: 0079AEAD
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2105675209.0000000000791000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105651111.0000000000790000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105703592.00000000007AC000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105726047.00000000007B4000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105746956.00000000007B8000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_790000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Value$DecodeErrorLastPointerThread$CurrentExit___set_flsgetvalue__calloc_crt__freefls@4__freeptd__getptd_noexit__initptd
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 779801232-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 0079AB01: __getptd_noexit.LIBCMT ref: 0079AB01
                                                                                                                                                                                                  • __lock_file.LIBCMT ref: 00799CA0
                                                                                                                                                                                                    • Part of subcall function 00799B0E: __lock.LIBCMT ref: 00799B33
                                                                                                                                                                                                  • __fclose_nolock.LIBCMT ref: 00799CAB
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2105675209.0000000000791000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105651111.0000000000790000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105703592.00000000007AC000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105726047.00000000007B4000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105746956.00000000007B8000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_790000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2800547568-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __getptd.LIBCMT ref: 0079AEC0
                                                                                                                                                                                                    • Part of subcall function 0079D50A: __getptd_noexit.LIBCMT ref: 0079D50D
                                                                                                                                                                                                    • Part of subcall function 0079D50A: __amsg_exit.LIBCMT ref: 0079D51A
                                                                                                                                                                                                    • Part of subcall function 0079AE95: __getptd_noexit.LIBCMT ref: 0079AE9A
                                                                                                                                                                                                    • Part of subcall function 0079AE95: __freeptd.LIBCMT ref: 0079AEA4
                                                                                                                                                                                                    • Part of subcall function 0079AE95: ExitThread.KERNEL32 ref: 0079AEAD
                                                                                                                                                                                                  • __XcptFilter.LIBCMT ref: 0079AEE1
                                                                                                                                                                                                    • Part of subcall function 0079EF45: __getptd_noexit.LIBCMT ref: 0079EF4B
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2105675209.0000000000791000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105651111.0000000000790000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105703592.00000000007AC000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105726047.00000000007B4000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105746956.00000000007B8000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_790000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: __getptd_noexit$ExitFilterThreadXcpt__amsg_exit__freeptd__getptd
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 418257734-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __lock.LIBCMT ref: 007A8893
                                                                                                                                                                                                    • Part of subcall function 0079CEAC: __mtinitlocknum.LIBCMT ref: 0079CEC2
                                                                                                                                                                                                    • Part of subcall function 0079CEAC: __amsg_exit.LIBCMT ref: 0079CECE
                                                                                                                                                                                                    • Part of subcall function 0079CEAC: EnterCriticalSection.KERNEL32(?,?,?,0079D5B5,0000000D,007B2790,00000008,0079AF54,?,00000000), ref: 0079CED6
                                                                                                                                                                                                  • __tzset_nolock.LIBCMT ref: 007A88A4
                                                                                                                                                                                                    • Part of subcall function 007A819A: __lock.LIBCMT ref: 007A81BC
                                                                                                                                                                                                    • Part of subcall function 007A819A: ____lc_codepage_func.LIBCMT ref: 007A8203
                                                                                                                                                                                                    • Part of subcall function 007A819A: __getenv_helper_nolock.LIBCMT ref: 007A8225
                                                                                                                                                                                                    • Part of subcall function 007A819A: _free.LIBCMT ref: 007A825C
                                                                                                                                                                                                    • Part of subcall function 007A819A: _strlen.LIBCMT ref: 007A8263
                                                                                                                                                                                                    • Part of subcall function 007A819A: __malloc_crt.LIBCMT ref: 007A826A
                                                                                                                                                                                                    • Part of subcall function 007A819A: _strlen.LIBCMT ref: 007A8280
                                                                                                                                                                                                    • Part of subcall function 007A819A: _strcpy_s.LIBCMT ref: 007A828E
                                                                                                                                                                                                    • Part of subcall function 007A819A: __invoke_watson.LIBCMT ref: 007A82A3
                                                                                                                                                                                                    • Part of subcall function 007A819A: _free.LIBCMT ref: 007A82B2
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2105675209.0000000000791000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105651111.0000000000790000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105703592.00000000007AC000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105726047.00000000007B4000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105746956.00000000007B8000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_790000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: __lock_free_strlen$CriticalEnterSection____lc_codepage_func__amsg_exit__getenv_helper_nolock__invoke_watson__malloc_crt__mtinitlocknum__tzset_nolock_strcpy_s
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1828324828-0
                                                                                                                                                                                                  • Opcode ID: 4a1f667c2bbc8a795f79ededfccad8dc37a9c837c67ae8ffda6ba5661f885add
                                                                                                                                                                                                  • Instruction ID: 3a0bce3384cb96e044847f7eb908b408492d3370d6315cf9bb2b70b816acaf2f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4a1f667c2bbc8a795f79ededfccad8dc37a9c837c67ae8ffda6ba5661f885add
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 08E0C271482710D6CBF2BBA06A0BB2DB7A06B95B22F51831DF650270D7CE3C0805C652
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ___crtCorExitProcess.LIBCMT ref: 007987BA
                                                                                                                                                                                                    • Part of subcall function 00798787: GetModuleHandleW.KERNEL32(mscoree.dll,?,007987BF,?,?,0079A058,000000FF,0000001E,00000001,00000000,00000000,?,0079FE09,?,00000001,?), ref: 00798791
                                                                                                                                                                                                    • Part of subcall function 00798787: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 007987A1
                                                                                                                                                                                                  • ExitProcess.KERNEL32 ref: 007987C3
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2105675209.0000000000791000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105651111.0000000000790000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105703592.00000000007AC000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105726047.00000000007B4000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105746956.00000000007B8000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_790000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2427264223-0
                                                                                                                                                                                                  • Opcode ID: 6ff756d82f23e1c6bace599fa6de2363a39dc85c2d3187c69d3bcb1db29cae10
                                                                                                                                                                                                  • Instruction ID: c8e45a94eb23d82e812cb5afc2b09467417e0518eb080c20f1d7f617edc83dd4
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6ff756d82f23e1c6bace599fa6de2363a39dc85c2d3187c69d3bcb1db29cae10
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A5B09B31000148FBCF012F51DC4D8493F15DB817917158010F41505031DF759D519595
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2105675209.0000000000791000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105651111.0000000000790000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105703592.00000000007AC000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105726047.00000000007B4000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105746956.00000000007B8000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_790000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _memset
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2102423945-0
                                                                                                                                                                                                  • Opcode ID: 3590c39c5a6a381030122a07d787d2cb23192d9456e0ba209f687123a4c3cf9c
                                                                                                                                                                                                  • Instruction ID: a87ef79d20f979db2bf1ee6f88bfd10e77824b1933731a91745f32b767a6bb7d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3590c39c5a6a381030122a07d787d2cb23192d9456e0ba209f687123a4c3cf9c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5011C2B1A0030EAFCF00DF98D942ADEB7F9BB08300F004516F918EB200E774EA158BA1
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2105675209.0000000000791000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105651111.0000000000790000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105703592.00000000007AC000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105726047.00000000007B4000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105746956.00000000007B8000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_790000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: __waccess_s
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 4272103461-0
                                                                                                                                                                                                  • Opcode ID: ef7a6628b8ba34dfa5084db135283d76d392227949a9b5e0c08c397448921cd0
                                                                                                                                                                                                  • Instruction ID: 67b16a38532d52ee72c79763ccad73ba3012408e8b3658a6f8f17fa2ccff1ff7
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ef7a6628b8ba34dfa5084db135283d76d392227949a9b5e0c08c397448921cd0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7CC09B3315410D7F9F055DE5FC05C553F59D6847747104115F91C89495DD32D5515581
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _doexit.LIBCMT ref: 00798A16
                                                                                                                                                                                                    • Part of subcall function 007988CA: __lock.LIBCMT ref: 007988D8
                                                                                                                                                                                                    • Part of subcall function 007988CA: DecodePointer.KERNEL32(007B2500,00000020,00798A31,?,00000001,00000000,?,00798A71,000000FF,?,0079CED3,00000011,?,?,0079D5B5,0000000D), ref: 00798914
                                                                                                                                                                                                    • Part of subcall function 007988CA: DecodePointer.KERNEL32(?,00798A71,000000FF,?,0079CED3,00000011,?,?,0079D5B5,0000000D,007B2790,00000008,0079AF54,?,00000000), ref: 00798925
                                                                                                                                                                                                    • Part of subcall function 007988CA: DecodePointer.KERNEL32(-00000004,?,00798A71,000000FF,?,0079CED3,00000011,?,?,0079D5B5,0000000D,007B2790,00000008,0079AF54,?,00000000), ref: 0079894B
                                                                                                                                                                                                    • Part of subcall function 007988CA: DecodePointer.KERNEL32(?,00798A71,000000FF,?,0079CED3,00000011,?,?,0079D5B5,0000000D,007B2790,00000008,0079AF54,?,00000000), ref: 0079895E
                                                                                                                                                                                                    • Part of subcall function 007988CA: DecodePointer.KERNEL32(?,00798A71,000000FF,?,0079CED3,00000011,?,?,0079D5B5,0000000D,007B2790,00000008,0079AF54,?,00000000), ref: 00798968
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2105675209.0000000000791000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105651111.0000000000790000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105703592.00000000007AC000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105726047.00000000007B4000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105746956.00000000007B8000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_790000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: DecodePointer$__lock_doexit
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3343572566-0
                                                                                                                                                                                                  • Opcode ID: b7f9ddcf0c01e83a82a0f1c6c29853ea6c7db7599a0eb0d3eddd439c3244ce42
                                                                                                                                                                                                  • Instruction ID: 4e477bc7ef4b756d70f9c28a1e9fd515926a5215396f111e8e1eaaff35019231
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b7f9ddcf0c01e83a82a0f1c6c29853ea6c7db7599a0eb0d3eddd439c3244ce42
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 39B09272580308B3DA202542AC07F063B0A8BC1B60E640020BA0C191A1A9A2A961809A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2105675209.0000000000791000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00790000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105651111.0000000000790000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105703592.00000000007AC000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105726047.00000000007B4000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2105746956.00000000007B8000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_790000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: __fsopen
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3646066109-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9BECB0
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • memset.MSVCR100 ref: 6B9BED56
                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000400,0000000D,00000000,00000000), ref: 6B9BEDD1
                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(00000400,0000000D,00000000,?), ref: 6B9BEE05
                                                                                                                                                                                                  • wcscmp.MSVCR100 ref: 6B9BEE13
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B9BEE29
                                                                                                                                                                                                    • Part of subcall function 6B9BEA3D: GlobalLock.KERNEL32(?), ref: 6B9BEA92
                                                                                                                                                                                                    • Part of subcall function 6B9BEA3D: GlobalUnlock.KERNEL32(?), ref: 6B9BEAAF
                                                                                                                                                                                                  • GlobalLock.KERNEL32(?), ref: 6B9BEEDD
                                                                                                                                                                                                  • _control87.MSVCR100 ref: 6B9BEEF9
                                                                                                                                                                                                  • _control87.MSVCR100 ref: 6B9BEF15
                                                                                                                                                                                                  • _control87.MSVCR100 ref: 6B9BEF23
                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(?), ref: 6B9BEF54
                                                                                                                                                                                                  • _CxxThrowException.MSVCR100(?,6B9F9388), ref: 6B9BEFBC
                                                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 6B9BF025
                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 6B9BF057
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125584471.000000006B920000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125692771.000000006B9D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125730889.000000006BA14000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125756269.000000006BA16000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125781488.000000006BA17000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125806593.000000006BA18000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125831151.000000006BA19000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1A000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1D000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125903563.000000006BA40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Global$LockUnlock_control87$ExceptionInfoLocaleThrow$CreateCurrentEnv@8EventH_prolog3_catchObjectSingleThreadWaitfreememsetwcscmp
                                                                                                                                                                                                  • String ID: WINSPOOL
                                                                                                                                                                                                  • API String ID: 2622641891-435376181
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _Region_GetInfo@12.AWT(?,?,?), ref: 6B94E36B
                                                                                                                                                                                                  • _GrPrim_CompGetXorColor@8.AWT(?,?), ref: 6B94E5F4
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • Initialization of surface region data failed., xrefs: 6B94E54D
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125584471.000000006B920000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125692771.000000006B9D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125730889.000000006BA14000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125756269.000000006BA16000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125781488.000000006BA17000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125806593.000000006BA18000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125831151.000000006BA19000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1A000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1D000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125903563.000000006BA40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Color@8CompInfo@12Prim_Region_
                                                                                                                                                                                                  • String ID: Initialization of surface region data failed.
                                                                                                                                                                                                  • API String ID: 3400371845-312938340
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002,?,6B99EC15), ref: 6B99EB64
                                                                                                                                                                                                    • Part of subcall function 6B99D8BC: _JNU_GetEnv@8.JAVA(00010002,?,00000000,?,?,6B99EB84,win.properties.version,00000003,?,?,6B99EC15), ref: 6B99D8D0
                                                                                                                                                                                                    • Part of subcall function 6B99D8BC: wcslen.MSVCR100 ref: 6B99D8DA
                                                                                                                                                                                                    • Part of subcall function 6B99D8BC: _CxxThrowException.MSVCR100(?,6B9F9388), ref: 6B99D907
                                                                                                                                                                                                    • Part of subcall function 6B99D8BC: _JNU_GetEnv@8.JAVA(00010002,?,?,6B99EB84,win.properties.version,00000003,?,?,6B99EC15), ref: 6B99D913
                                                                                                                                                                                                    • Part of subcall function 6B99D8BC: _JNU_GetEnv@8.JAVA(00010002), ref: 6B99D934
                                                                                                                                                                                                    • Part of subcall function 6B99E212: GetVersion.KERNEL32(00000000), ref: 6B99E22A
                                                                                                                                                                                                    • Part of subcall function 6B99E628: __EH_prolog3_catch.LIBCMT ref: 6B99E62F
                                                                                                                                                                                                    • Part of subcall function 6B99E628: GetVersion.KERNEL32(win.text.fontSmoothingOn,00000000,win.frame.fullWindowDragsOn,00000000,00000030,6B99EBA7,win.properties.version,00000003,?,?,6B99EC15), ref: 6B99E669
                                                                                                                                                                                                    • Part of subcall function 6B99E628: GetVersion.KERNEL32(?,?,6B99EC15), ref: 6B99E66F
                                                                                                                                                                                                    • Part of subcall function 6B99E628: GetVersion.KERNEL32(?,?,6B99EC15), ref: 6B99E678
                                                                                                                                                                                                    • Part of subcall function 6B99E628: GetSystemMetrics.USER32(00000044), ref: 6B99E6C8
                                                                                                                                                                                                    • Part of subcall function 6B99E628: GetSystemMetrics.USER32(00000045), ref: 6B99E6CE
                                                                                                                                                                                                    • Part of subcall function 6B99E628: GetDoubleClickTime.USER32(awt.mouse.numButtons,00000000,DnD.gestureMotionThreshold,?,win.drag.height,?,win.drag.width,00000000,?,?,6B99EC15), ref: 6B99E71C
                                                                                                                                                                                                    • Part of subcall function 6B99E628: GetSystemMetrics.USER32(0000004B), ref: 6B99E746
                                                                                                                                                                                                    • Part of subcall function 6B99E06C: __EH_prolog3_catch.LIBCMT ref: 6B99E073
                                                                                                                                                                                                  • GetVersion.KERNEL32(win.properties.version,00000003,?,?,6B99EC15), ref: 6B99EBBB
                                                                                                                                                                                                  • GetVersion.KERNEL32(?,?,6B99EC15), ref: 6B99EBC1
                                                                                                                                                                                                  • GetVersion.KERNEL32(?,?,6B99EC15), ref: 6B99EBCA
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125584471.000000006B920000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125692771.000000006B9D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125730889.000000006BA14000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125756269.000000006BA16000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125781488.000000006BA17000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125806593.000000006BA18000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125831151.000000006BA19000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1A000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1D000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125903563.000000006BA40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Version$Env@8$MetricsSystem$H_prolog3_catch$ClickDoubleExceptionThrowTimewcslen
                                                                                                                                                                                                  • String ID: win.properties.version
                                                                                                                                                                                                  • API String ID: 297521648-1571471729
                                                                                                                                                                                                  • Opcode ID: 39d049e106d1b673d7293c4d810f617941cccbe7370b50908de61c3c7fd5fda8
                                                                                                                                                                                                  • Instruction ID: 2014759c7379fdad237c5332ef19ff5556fbc478aef05f095e6591e0dfc6aae7
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 39d049e106d1b673d7293c4d810f617941cccbe7370b50908de61c3c7fd5fda8
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E5F0AF30764D24939996333ABC26A6C331B7FE2A1D7490429D1035B280CF5DCD8B87AA
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,?,6B93558C,?,00000000), ref: 6B938460
                                                                                                                                                                                                    • Part of subcall function 6B9C9E08: __EH_prolog3.LIBCMT ref: 6B9C9E0F
                                                                                                                                                                                                  • JNU_CallStaticMethodByName.JAVA(00000000,00000000,sun/java2d/pipe/hw/AccelDeviceEventNotifier,eventOccured,(II)V,00000000,?,00000000,?,6B93558C,?,00000000), ref: 6B9384AE
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CallEnv@8H_prolog3MethodNameStatic
                                                                                                                                                                                                  • String ID: (II)V$eventOccured$sun/java2d/pipe/hw/AccelDeviceEventNotifier
                                                                                                                                                                                                  • API String ID: 747027660-3510536290
                                                                                                                                                                                                  • Opcode ID: 35d34fc580a3b472bb13142cfa76708a6d8b1bfea9cf11c46da942c17fce50a1
                                                                                                                                                                                                  • Instruction ID: 419ce3951acda4b82a6386aeb87d4b4016e3868c630d94766bc00e502ee10862
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 35d34fc580a3b472bb13142cfa76708a6d8b1bfea9cf11c46da942c17fce50a1
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 74F09A317006112FABA6DB75DD86F6B26EC9FE5A48B408058B844EB341EB2CDC02C7B1
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetLocaleInfoW.KERNEL32(?,00001004,?,00000007), ref: 6B9B69D7
                                                                                                                                                                                                  • _wtoi.MSVCR100(?), ref: 6B9B69E5
                                                                                                                                                                                                  • GetACP.KERNEL32 ref: 6B9B69EE
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: InfoLocale_wtoi
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2158664808-0
                                                                                                                                                                                                  • Opcode ID: 752dc10d10edbcb026849bccd3398c3b0c605ac28949d5df6fbe5434a7027e9b
                                                                                                                                                                                                  • Instruction ID: 580a6b48427fd44ea5e8319d4d0613cbea3c082938cdf9ef213bafc7298aa636
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 752dc10d10edbcb026849bccd3398c3b0c605ac28949d5df6fbe5434a7027e9b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3DE09B34504208EFDF00EFB5D949AAE77FCAB09705F500429F606D6181DB34E544C721
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetKeyboardState.USER32(6BA1E460), ref: 6B9C6887
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: KeyboardState
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1724228437-0
                                                                                                                                                                                                  • Opcode ID: ffd5e6d4da17b5aafb3f2180642f95e158b90803c2b13e99b2ac7efa31781d96
                                                                                                                                                                                                  • Instruction ID: 0cb5a88d70f529196b85d1311ca4c1f28d277a192354b462b8ae03a63d038324
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ffd5e6d4da17b5aafb3f2180642f95e158b90803c2b13e99b2ac7efa31781d96
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5B11A1313002114BE7108B69C8C4BAFB39ADF9A711F100976EA44DB345C72CE8C1C697
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetKeyboardLayout.USER32(00000000), ref: 6B994606
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: KeyboardLayout
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 194098044-0
                                                                                                                                                                                                  • Opcode ID: 343fec5ce1a2f4fbc9f280232bcde0bfa11142a84304c1797b5655ac6a4d7ba0
                                                                                                                                                                                                  • Instruction ID: 896ba019f5f4b291f69d3d393b304d8370ae44f13b33a1c8000f0369c02f38b2
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 343fec5ce1a2f4fbc9f280232bcde0bfa11142a84304c1797b5655ac6a4d7ba0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A0C08CF0A6E20023DED03A708C0AB6823A4D342303FC448A0F2AAC0BC4DEA8C4825B15
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B99E62F
                                                                                                                                                                                                    • Part of subcall function 6B99D947: _JNU_GetEnv@8.JAVA(00010002,?,00000000,?,?,6B99E3EE,win.icon.titleWrappingOn,00000000,win.icon.vspacing,?,win.icon.hspacing,?), ref: 6B99D95B
                                                                                                                                                                                                    • Part of subcall function 6B99D947: wcslen.MSVCR100 ref: 6B99D965
                                                                                                                                                                                                    • Part of subcall function 6B99D947: _CxxThrowException.MSVCR100(?,6B9F9388), ref: 6B99D992
                                                                                                                                                                                                    • Part of subcall function 6B99D947: _JNU_GetEnv@8.JAVA(00010002,?,?,6B99E3EE,win.icon.titleWrappingOn,00000000,win.icon.vspacing,?,win.icon.hspacing,?), ref: 6B99D99E
                                                                                                                                                                                                    • Part of subcall function 6B99D947: _JNU_GetEnv@8.JAVA(00010002,00000000,win.icon.vspacing,?,win.icon.hspacing,?), ref: 6B99D9C5
                                                                                                                                                                                                  • GetVersion.KERNEL32(win.text.fontSmoothingOn,00000000,win.frame.fullWindowDragsOn,00000000,00000030,6B99EBA7,win.properties.version,00000003,?,?,6B99EC15), ref: 6B99E669
                                                                                                                                                                                                  • GetVersion.KERNEL32(?,?,6B99EC15), ref: 6B99E66F
                                                                                                                                                                                                  • GetVersion.KERNEL32(?,?,6B99EC15), ref: 6B99E678
                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000044), ref: 6B99E6C8
                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000045), ref: 6B99E6CE
                                                                                                                                                                                                  • GetDoubleClickTime.USER32(awt.mouse.numButtons,00000000,DnD.gestureMotionThreshold,?,win.drag.height,?,win.drag.width,00000000,?,?,6B99EC15), ref: 6B99E71C
                                                                                                                                                                                                  • GetSystemMetrics.USER32(0000004B), ref: 6B99E746
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B99E842
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B99E885
                                                                                                                                                                                                  • lstrlenW.KERNEL32(PlaceN,awt.file.showAttribCol,00000000,awt.file.showHiddenFiles,00000000,?,?,?,?,?,?,?,?,?,?,6B99EC15), ref: 6B99E89C
                                                                                                                                                                                                  • lstrlenW.KERNEL32(PlaceN,?,?,?,?,?,?,?,?,?,?,6B99EC15), ref: 6B99E8A6
                                                                                                                                                                                                  • lstrlenW.KERNEL32(PlaceN,?,?,?,?,?,?,?,?,?,?,6B99EC15), ref: 6B99E8B3
                                                                                                                                                                                                  • lstrlenW.KERNEL32(PlaceN,?,?,?,?,?,?,?,?,?,?,6B99EC15), ref: 6B99E8B9
                                                                                                                                                                                                  • lstrlenW.KERNEL32(PlaceN,?,?,?,?,?,?,?,?,?,?,6B99EC15), ref: 6B99E8CF
                                                                                                                                                                                                    • Part of subcall function 6B9CF401: malloc.MSVCR100 ref: 6B9CF408
                                                                                                                                                                                                    • Part of subcall function 6B9CF401: _CxxThrowException.MSVCR100(?,6B9F9388), ref: 6B9CF426
                                                                                                                                                                                                  • lstrcpyW.KERNEL32(00000000,PlaceN,?,?,?,?,?,?,?,?,?,?,6B99EC15), ref: 6B99E8E7
                                                                                                                                                                                                  • lstrlenW.KERNEL32(win.comdlg.placesBarPlaceN,?,?,?,?,?,?,?,?,?,?,6B99EC15), ref: 6B99E8F6
                                                                                                                                                                                                  • lstrlenW.KERNEL32(win.comdlg.placesBarPlaceN,?,?,?,?,?,?,?,?,?,?,6B99EC15), ref: 6B99E900
                                                                                                                                                                                                  • lstrlenW.KERNEL32(win.comdlg.placesBarPlaceN,?,?,?,?,?,?,?,?,?,?,6B99EC15), ref: 6B99E90D
                                                                                                                                                                                                  • lstrlenW.KERNEL32(win.comdlg.placesBarPlaceN,?,?,?,?,?,?,?,?,?,?,6B99EC15), ref: 6B99E913
                                                                                                                                                                                                    • Part of subcall function 6B99D7E0: _JNU_GetEnv@8.JAVA(00010002,00000000,00000000,?,?,?,6B99E997,00000000,00000000), ref: 6B99D7F6
                                                                                                                                                                                                    • Part of subcall function 6B99D7E0: wcslen.MSVCR100 ref: 6B99D806
                                                                                                                                                                                                    • Part of subcall function 6B99D7E0: _CxxThrowException.MSVCR100(?,6B9F9388), ref: 6B99D832
                                                                                                                                                                                                    • Part of subcall function 6B99D7E0: _JNU_GetEnv@8.JAVA(00010002,?,?,?,?,?,?,?,?,?,?,6B99EC15), ref: 6B99D83E
                                                                                                                                                                                                    • Part of subcall function 6B99D7E0: wcslen.MSVCR100 ref: 6B99D848
                                                                                                                                                                                                    • Part of subcall function 6B99D7E0: _JNU_GetEnv@8.JAVA(00010002,?,?,?,?,?,?,?,?,?,6B99EC15), ref: 6B99D861
                                                                                                                                                                                                    • Part of subcall function 6B99D7E0: _JNU_GetEnv@8.JAVA(00010002), ref: 6B99D894
                                                                                                                                                                                                    • Part of subcall function 6B99D7E0: _JNU_GetEnv@8.JAVA(00010002), ref: 6B99D8A7
                                                                                                                                                                                                  • lstrlenW.KERNEL32(win.comdlg.placesBarPlaceN,?,?,?,?,?,?,?,?,?,?,6B99EC15), ref: 6B99E929
                                                                                                                                                                                                  • lstrcpyW.KERNEL32(00000000,win.comdlg.placesBarPlaceN,?,?,?,?,?,?,?,?,?,?,6B99EC15), ref: 6B99E93D
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B99E998
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B99E9AE
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B99E9B1
                                                                                                                                                                                                  • _CxxThrowException.MSVCR100(?,6B9F9388), ref: 6B99E9E0
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: lstrlen$Env@8$free$ExceptionThrow$MetricsSystemVersionwcslen$lstrcpy$ClickDoubleH_prolog3_catchTimemalloc
                                                                                                                                                                                                  • String ID: Control Panel\Desktop\WindowMetrics$DnD.gestureMotionThreshold$NoPlacesBar$PlaceN$Shell Icon BPP$Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32$Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32\PlacesBar$awt.dynamicLayoutSupported$awt.file.showAttribCol$awt.file.showHiddenFiles$awt.mouse.numButtons$awt.multiClickInterval$awt.wheelMousePresent$win.comdlg.noPlacesBar$win.comdlg.placesBarPlaceN$win.drag.height$win.drag.width$win.frame.captionGradientsOn$win.frame.fullWindowDragsOn$win.highContrast.on$win.icon.shellIconBPP$win.item.hotTrackingOn$win.menu.keyboardCuesOn$win.text.fontSmoothingContrast$win.text.fontSmoothingOn$win.text.fontSmoothingOrientation$win.text.fontSmoothingType
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: wcsstr
                                                                                                                                                                                                  • String ID: ANSI_CHARSET$ARABIC_CHARSET$BALTIC_CHARSET$CHINESEBIG5_CHARSET$DEFAULT_CHARSET$EASTEUROPE_CHARSET$GB2312_CHARSET$GREEK_CHARSET$HANGEUL_CHARSET$HEBREW_CHARSET$JOHAB_CHARSET$MAC_CHARSET$OEM_CHARSET$RUSSIAN_CHARSET$SHIFTJIS_CHARSET$SYMBOL_CHARSET$THAI_CHARSET$TURKISH_CHARSET$VIETNAMESE_CHARSET$WingDings
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 6B99D9D8: _JNU_GetEnv@8.JAVA(00010002,00000000,6B9D2D6A,?,?,6B99E427,win.frame.activeCaptionGradientColor,00000000,?,00000000,?,6B99EB99,win.properties.version,00000003), ref: 6B99D9EC
                                                                                                                                                                                                    • Part of subcall function 6B99D9D8: wcslen.MSVCR100 ref: 6B99D9F6
                                                                                                                                                                                                    • Part of subcall function 6B99D9D8: _CxxThrowException.MSVCR100(00000003,6B9F9388), ref: 6B99DA23
                                                                                                                                                                                                    • Part of subcall function 6B99D9D8: _JNU_GetEnv@8.JAVA(00010002,?,6B99E427,win.frame.activeCaptionGradientColor,00000000,?,00000000,?,6B99EB99,win.properties.version,00000003,?,?,6B99EC15), ref: 6B99DA2F
                                                                                                                                                                                                    • Part of subcall function 6B99D9D8: _JNU_GetEnv@8.JAVA(00010002), ref: 6B99DA66
                                                                                                                                                                                                  • GetVersion.KERNEL32(win.menu.textColor,00000000,?,00000000,?,6B99EB99,win.properties.version,00000003,?,?,6B99EC15), ref: 6B99E5B4
                                                                                                                                                                                                  • GetVersion.KERNEL32(?,00000000,?,6B99EB99,win.properties.version,00000003,?,?,6B99EC15), ref: 6B99E5BA
                                                                                                                                                                                                  • GetVersion.KERNEL32(?,00000000,?,6B99EB99,win.properties.version,00000003,?,?,6B99EC15), ref: 6B99E5C3
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • win.frame.inactiveCaptionColor, xrefs: 6B99E52B
                                                                                                                                                                                                  • win.3d.shadowColor, xrefs: 6B99E492
                                                                                                                                                                                                  • win.mdi.backgroundColor, xrefs: 6B99E580
                                                                                                                                                                                                  • win.frame.inactiveBorderColor, xrefs: 6B99E51A
                                                                                                                                                                                                  • win.frame.inactiveCaptionTextColor, xrefs: 6B99E53C
                                                                                                                                                                                                  • win.scrollbar.backgroundColor, xrefs: 6B99E5E5
                                                                                                                                                                                                  • win.frame.backgroundColor, xrefs: 6B99E4F8
                                                                                                                                                                                                  • win.item.highlightColor, xrefs: 6B99E55E
                                                                                                                                                                                                  • win.tooltip.textColor, xrefs: 6B99E618
                                                                                                                                                                                                  • win.menu.backgroundColor, xrefs: 6B99E591
                                                                                                                                                                                                  • win.frame.captionTextColor, xrefs: 6B99E509
                                                                                                                                                                                                  • win.3d.lightColor, xrefs: 6B99E481
                                                                                                                                                                                                  • win.frame.color, xrefs: 6B99E4E7
                                                                                                                                                                                                  • win.frame.activeBorderColor, xrefs: 6B99E4D6
                                                                                                                                                                                                  • win.tooltip.backgroundColor, xrefs: 6B99E607
                                                                                                                                                                                                  • win.text.grayedTextColor, xrefs: 6B99E5F6
                                                                                                                                                                                                  • win.menu.textColor, xrefs: 6B99E5A2
                                                                                                                                                                                                  • win.frame.inactiveCaptionGradientColor, xrefs: 6B99E42C
                                                                                                                                                                                                  • win.3d.darkShadowColor, xrefs: 6B99E44E
                                                                                                                                                                                                  • win.frame.textColor, xrefs: 6B99E54D
                                                                                                                                                                                                  • win.3d.backgroundColor, xrefs: 6B99E45F
                                                                                                                                                                                                  • win.desktop.backgroundColor, xrefs: 6B99E4B4
                                                                                                                                                                                                  • win.item.hotTrackedColor, xrefs: 6B99E43D
                                                                                                                                                                                                  • win.frame.activeCaptionGradientColor, xrefs: 6B99E41B
                                                                                                                                                                                                  • win.button.textColor, xrefs: 6B99E4A3
                                                                                                                                                                                                  • win.menubar.backgroundColor, xrefs: 6B99E5D4
                                                                                                                                                                                                  • win.frame.activeCaptionColor, xrefs: 6B99E4C5
                                                                                                                                                                                                  • win.item.highlightTextColor, xrefs: 6B99E56F
                                                                                                                                                                                                  • win.3d.highlightColor, xrefs: 6B99E470
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Env@8Version$ExceptionThrowwcslen
                                                                                                                                                                                                  • String ID: win.3d.backgroundColor$win.3d.darkShadowColor$win.3d.highlightColor$win.3d.lightColor$win.3d.shadowColor$win.button.textColor$win.desktop.backgroundColor$win.frame.activeBorderColor$win.frame.activeCaptionColor$win.frame.activeCaptionGradientColor$win.frame.backgroundColor$win.frame.captionTextColor$win.frame.color$win.frame.inactiveBorderColor$win.frame.inactiveCaptionColor$win.frame.inactiveCaptionGradientColor$win.frame.inactiveCaptionTextColor$win.frame.textColor$win.item.highlightColor$win.item.highlightTextColor$win.item.hotTrackedColor$win.mdi.backgroundColor$win.menu.backgroundColor$win.menu.textColor$win.menubar.backgroundColor$win.scrollbar.backgroundColor$win.text.grayedTextColor$win.tooltip.backgroundColor$win.tooltip.textColor
                                                                                                                                                                                                  • API String ID: 1231098648-3282741526
                                                                                                                                                                                                  • Opcode ID: 9463a10f896314c5bf8b5df0484f9a597337d269d14a421fec5123d8a8142b68
                                                                                                                                                                                                  • Instruction ID: 199ae24e602f4e21a596ce11889823acac7b94583b279eee49ca8d8f5eca86fc
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9463a10f896314c5bf8b5df0484f9a597337d269d14a421fec5123d8a8142b68
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C9418C907D117836EA5536B11C96F7F1D0E8FE26B9F480016B6099A6C2CF8DC803A7F6
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 6B96AA50: J2dTraceImpl.AWT(00000001,00000001,OGLContext_IsExtensionAvailable: extension string is null,00000000,?,6B96AD05,00000000,GL_ARB_fragment_shader), ref: 6B96AA68
                                                                                                                                                                                                    • Part of subcall function 6B96AA50: strlen.MSVCR100 ref: 6B96AA79
                                                                                                                                                                                                    • Part of subcall function 6B96AA50: strcspn.MSVCR100 ref: 6B96AA96
                                                                                                                                                                                                    • Part of subcall function 6B96AA50: strlen.MSVCR100 ref: 6B96AA9F
                                                                                                                                                                                                    • Part of subcall function 6B96AA50: strncmp.MSVCR100 ref: 6B96AAAE
                                                                                                                                                                                                    • Part of subcall function 6B96AA50: J2dTraceImpl.AWT(00000003,00000001,OGLContext_IsExtensionAvailable: %s=%s,?,false,00000000,6B98D391,?,?,?,?,WGLGraphicsConfig_getWGLConfigInfo), ref: 6B96AAD7
                                                                                                                                                                                                  • getenv.MSVCR100 ref: 6B96AD53
                                                                                                                                                                                                  • _JNU_GetStaticFieldByName@20.JAVA(?,00000000,sun/java2d/opengl/OGLSurfaceData,isBIOpShaderEnabled,6B9D9480,?,?,00000000), ref: 6B96ADAD
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000003,00000001,OGLContext_IsBIOpShaderSupportAvailable: disabled via flag,?,00000000,sun/java2d/opengl/OGLSurfaceData,isBIOpShaderEnabled,6B9D9480,?,?,00000000), ref: 6B96ADC3
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000003,00000001,OGLContext_IsBIOpShaderSupportAvailable: BufferedImageOp shader supported,?,00000000,sun/java2d/opengl/OGLSurfaceData,isBIOpShaderEnabled,6B9D9480,?,?,00000000), ref: 6B96ADD6
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: _J2dTraceInit@0.AWT(?,6B924EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B97EA63
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EABA
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: vfprintf.MSVCR100 ref: 6B97EACB
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EAE5
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fflush.MSVCR100 ref: 6B97EAEF
                                                                                                                                                                                                  • _JNU_GetStaticFieldByName@20.JAVA(?,00000000,sun/java2d/opengl/OGLSurfaceData,isGradShaderEnabled,6B9D9480,sun/java2d/opengl/OGLSurfaceData,isBIOpShaderEnabled,6B9D9480,?,?,00000000), ref: 6B96ADF6
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000003,00000001,OGLContext_IsGradShaderSupportAvailable: disabled via flag,?,00000000,sun/java2d/opengl/OGLSurfaceData,isGradShaderEnabled,6B9D9480,sun/java2d/opengl/OGLSurfaceData,isBIOpShaderEnabled,6B9D9480,?,?,00000000), ref: 6B96AE0C
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000003,00000001,OGLContext_IsGradShaderSupportAvailable: Linear/RadialGradientPaint shader supported,?,00000000,sun/java2d/opengl/OGLSurfaceData,isGradShaderEnabled,6B9D9480,sun/java2d/opengl/OGLSurfaceData,isBIOpShaderEnabled,6B9D9480,?,?,00000000), ref: 6B96AE1F
                                                                                                                                                                                                  • strncmp.MSVCR100 ref: 6B96AEB9
                                                                                                                                                                                                  • strncmp.MSVCR100 ref: 6B96AEDE
                                                                                                                                                                                                  • strncmp.MSVCR100 ref: 6B96AF0A
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • GL_ARB_multitexture, xrefs: 6B96AD0E
                                                                                                                                                                                                  • OGLContext_IsGradShaderSupportAvailable: Linear/RadialGradientPaint shader supported, xrefs: 6B96AE16
                                                                                                                                                                                                  • GL_ARB_fragment_shader, xrefs: 6B96ACFA
                                                                                                                                                                                                  • isGradShaderEnabled, xrefs: 6B96ADE9
                                                                                                                                                                                                  • NVIDIA, xrefs: 6B96AED8
                                                                                                                                                                                                  • isBIOpShaderEnabled, xrefs: 6B96ADA0
                                                                                                                                                                                                  • Intel, xrefs: 6B96AF04
                                                                                                                                                                                                  • ATI, xrefs: 6B96AEB3
                                                                                                                                                                                                  • sun/java2d/opengl/OGLSurfaceData, xrefs: 6B96ADA5, 6B96ADEE
                                                                                                                                                                                                  • GL_ARB_texture_rectangle, xrefs: 6B96AD3C
                                                                                                                                                                                                  • GL_ARB_fragment_program, xrefs: 6B96AE54
                                                                                                                                                                                                  • GL_NV_fragment_program2, xrefs: 6B96AE40
                                                                                                                                                                                                  • GL_ARB_texture_non_power_of_two, xrefs: 6B96AD27
                                                                                                                                                                                                  • OGLContext_IsBIOpShaderSupportAvailable: disabled via flag, xrefs: 6B96ADBA
                                                                                                                                                                                                  • GL_NV_fragment_program, xrefs: 6B96AE2D
                                                                                                                                                                                                  • GL_NV_texture_barrier, xrefs: 6B96AE8B
                                                                                                                                                                                                  • OGLContext_IsGradShaderSupportAvailable: disabled via flag, xrefs: 6B96AE03
                                                                                                                                                                                                  • OGLContext_IsBIOpShaderSupportAvailable: BufferedImageOp shader supported, xrefs: 6B96ADCD
                                                                                                                                                                                                  • J2D_OGL_TEXRECT, xrefs: 6B96AD4E
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Trace$Impl$strncmp$FieldName@20Staticfprintfstrlen$Init@0fflushgetenvstrcspnvfprintf
                                                                                                                                                                                                  • String ID: ATI$GL_ARB_fragment_program$GL_ARB_fragment_shader$GL_ARB_multitexture$GL_ARB_texture_non_power_of_two$GL_ARB_texture_rectangle$GL_NV_fragment_program$GL_NV_fragment_program2$GL_NV_texture_barrier$Intel$J2D_OGL_TEXRECT$NVIDIA$OGLContext_IsBIOpShaderSupportAvailable: BufferedImageOp shader supported$OGLContext_IsBIOpShaderSupportAvailable: disabled via flag$OGLContext_IsGradShaderSupportAvailable: Linear/RadialGradientPaint shader supported$OGLContext_IsGradShaderSupportAvailable: disabled via flag$isBIOpShaderEnabled$isGradShaderEnabled$sun/java2d/opengl/OGLSurfaceData
                                                                                                                                                                                                  • API String ID: 3318883300-1738552187
                                                                                                                                                                                                  • Opcode ID: bd9be51aee766348c35e13d4a318e6753391d97df47ab5c32f647fb631a89d54
                                                                                                                                                                                                  • Instruction ID: 578821b9eef6a56b2451d31528476f76995c13d3fe918ed7f0ed8f427f1df9b0
                                                                                                                                                                                                  • Opcode Fuzzy Hash: bd9be51aee766348c35e13d4a318e6753391d97df47ab5c32f647fb631a89d54
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9E515E719403227BF7015A209D93F5A7BA8AF903CDF044064FD85B6183F36ED21AC676
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • memset.MSVCR100 ref: 6B9384F0
                                                                                                                                                                                                  • GetVersionExW.KERNEL32 ref: 6B938505
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000003,00000000,[I] OS Version = ), ref: 6B938516
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: _J2dTraceInit@0.AWT(?,6B924EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B97EA63
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EABA
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: vfprintf.MSVCR100 ref: 6B97EACB
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EAE5
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fflush.MSVCR100 ref: 6B97EAEF
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000003,?,OS_VISTA,?,?,?,FFFFFFFF,?), ref: 6B938568
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000003,00000000,OS_WINSERV_2008,?,?,?,FFFFFFFF,?), ref: 6B938585
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000003,00000000,OS_WINDOWS7 or newer,?,?,?,FFFFFFFF,?), ref: 6B9385B4
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000003,00000000,OS_WINXP_64,?,?,?,FFFFFFFF,?), ref: 6B938608
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000003,00000000,OS_UNKNOWN: dwPlatformId=%d dwMajorVersion=%d,?,?,?,?,?,FFFFFFFF,?), ref: 6B9386BC
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000003,00000000,OS_UNKNOWN: GetVersionEx failed,?,?,?,FFFFFFFF,?), ref: 6B9386CF
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Trace$Impl$fprintf$Init@0Versionfflushmemsetvfprintf
                                                                                                                                                                                                  • String ID: Home$OS_UNKNOWN: GetVersionEx failed$OS_UNKNOWN: dwMajorVersion=%d dwMinorVersion=%d$OS_UNKNOWN: dwPlatformId=%d dwMajorVersion=%d$OS_VISTA$OS_WINDOWS7 or newer$OS_WINSERV_2003$OS_WINSERV_2008$OS_WINSERV_2008R2 or newer$OS_WINXP $OS_WINXP_64$Pro$[I] OS Version =
                                                                                                                                                                                                  • API String ID: 247123547-3940967645
                                                                                                                                                                                                  • Opcode ID: 1d7e39e11ee1269d3b7ca6845f28485d2628472897705b91c8f6ada9ea1160a5
                                                                                                                                                                                                  • Instruction ID: 231c40fa70392009525ed42eac5fdfc2c51fd0078748ea54a1ccc519632a5b38
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1d7e39e11ee1269d3b7ca6845f28485d2628472897705b91c8f6ada9ea1160a5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: FC41A970A58310AAF72967308CD3B9523999FA1B0CF914438F609BA6C1F17ED685436B
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: H_prolog3_catchwcscmp
                                                                                                                                                                                                  • String ID: Arial$Courier$Courier New$Dialog$DialogInput$Helvetica$MS Sans Serif$Monospaced$SansSerif$Serif$Times New Roman$TimesRoman$WingDings$ZapfDingbats
                                                                                                                                                                                                  • API String ID: 1789132593-793057055
                                                                                                                                                                                                  • Opcode ID: 33e5296298a81a3308c145ab5c2f11ffeec2ee0c60bf535323266af49a4b089c
                                                                                                                                                                                                  • Instruction ID: e6edeba12ef63ae991c80bb190775c1abc9fd01b3cb2f6ed568ffdefdf248910
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 33e5296298a81a3308c145ab5c2f11ffeec2ee0c60bf535323266af49a4b089c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B3B1A331904206EFDF159FA5CC89EAE7BB9FF49324F2040A9F940A6291DB39C941CF65
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DPPLM::CheckDeviceCaps: adapter %d: Failed (cap %s not supported),?,D3DPBLENDCAPS_ZERO), ref: 6B938994
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DPPLM::CheckDeviceCaps: adapter %d: Failed (pixel shaders 2.0 required),?), ref: 6B938B21
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000003,00000001,D3DPPLM::CheckDeviceCaps: adapter %d: Passed,?), ref: 6B938B38
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: _J2dTraceInit@0.AWT(?,6B924EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B97EA63
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EABA
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: vfprintf.MSVCR100 ref: 6B97EACB
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EAE5
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fflush.MSVCR100 ref: 6B97EAEF
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • D3DPTADDRESSCAPS_CLAMP, xrefs: 6B938AD5
                                                                                                                                                                                                  • D3DPCMPCAPS_LESS, xrefs: 6B938A4F
                                                                                                                                                                                                  • D3DPCMPCAPS_ALWAYS, xrefs: 6B938A41
                                                                                                                                                                                                  • D3DPBLENDCAPS_DESTALPHA, xrefs: 6B938A8B
                                                                                                                                                                                                  • D3DPBLENDCAPS_INVDESTALPHA, xrefs: 6B938AA7
                                                                                                                                                                                                  • D3DCAPS3_ALPHA_FULLSCREEN_FLIP_OR_DISCARD, xrefs: 6B938A01
                                                                                                                                                                                                  • D3DPBLENDCAPS_ZERO, xrefs: 6B938A61
                                                                                                                                                                                                  • D3DPPLM::CheckDeviceCaps: adapter %d: Failed (cap %s not supported), xrefs: 6B93898B
                                                                                                                                                                                                  • D3DPMISCCAPS_BLENDOP, xrefs: 6B938A21
                                                                                                                                                                                                  • D3DTEXOPCAPS_MODULATE, xrefs: 6B938AF7
                                                                                                                                                                                                  • D3DPBLENDCAPS_SRCALPHA, xrefs: 6B938A7D
                                                                                                                                                                                                  • , xrefs: 6B9389FA
                                                                                                                                                                                                  • D3DPMISCCAPS_MASKZ, xrefs: 6B938A2F
                                                                                                                                                                                                  • D3DDEVCAPS_HWTRANSFORMANDLIGHT, xrefs: 6B9389CD
                                                                                                                                                                                                  • D3DPRASTERCAPS_SCISSORTEST, xrefs: 6B9389F3
                                                                                                                                                                                                  • D3DPTADDRESSCAPS_WRAP, xrefs: 6B938AE3
                                                                                                                                                                                                  • D3DDEVCAPS_HWRASTERIZATION, xrefs: 6B9389E2
                                                                                                                                                                                                  • D3DPMISCCAPS_CULLNONE, xrefs: 6B938A10
                                                                                                                                                                                                  • D3DPBLENDCAPS_INVSRCALPHA, xrefs: 6B938A99
                                                                                                                                                                                                  • D3DDEVCAPS_DRAWPRIMTLVERTEX, xrefs: 6B938985
                                                                                                                                                                                                  • D3DPPLM::CheckDeviceCaps: adapter %d: Failed (pixel shaders 2.0 required), xrefs: 6B938B18
                                                                                                                                                                                                  • D3DPBLENDCAPS_ONE, xrefs: 6B938A6F
                                                                                                                                                                                                  • D3DPPLM::CheckDeviceCaps: adapter %d: Passed, xrefs: 6B938B2F
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Trace$Impl$fprintf$Init@0fflushvfprintf
                                                                                                                                                                                                  • String ID: $D3DCAPS3_ALPHA_FULLSCREEN_FLIP_OR_DISCARD$D3DDEVCAPS_DRAWPRIMTLVERTEX$D3DDEVCAPS_HWRASTERIZATION$D3DDEVCAPS_HWTRANSFORMANDLIGHT$D3DPBLENDCAPS_DESTALPHA$D3DPBLENDCAPS_INVDESTALPHA$D3DPBLENDCAPS_INVSRCALPHA$D3DPBLENDCAPS_ONE$D3DPBLENDCAPS_SRCALPHA$D3DPBLENDCAPS_ZERO$D3DPCMPCAPS_ALWAYS$D3DPCMPCAPS_LESS$D3DPMISCCAPS_BLENDOP$D3DPMISCCAPS_CULLNONE$D3DPMISCCAPS_MASKZ$D3DPPLM::CheckDeviceCaps: adapter %d: Failed (cap %s not supported)$D3DPPLM::CheckDeviceCaps: adapter %d: Failed (pixel shaders 2.0 required)$D3DPPLM::CheckDeviceCaps: adapter %d: Passed$D3DPRASTERCAPS_SCISSORTEST$D3DPTADDRESSCAPS_CLAMP$D3DPTADDRESSCAPS_WRAP$D3DTEXOPCAPS_MODULATE
                                                                                                                                                                                                  • API String ID: 1961874229-2265019216
                                                                                                                                                                                                  • Opcode ID: fb968f1609f1063d8cfe1cee206d197381a4a2d3f4149b55439c7377532af38f
                                                                                                                                                                                                  • Instruction ID: e90b3ca63bc5fd2a74daaa5758778db42710a4d5b8412322506a2e0363fed7ff
                                                                                                                                                                                                  • Opcode Fuzzy Hash: fb968f1609f1063d8cfe1cee206d197381a4a2d3f4149b55439c7377532af38f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2441947094C362EAD72985288AE1B9667E86F96758F195989FC8CE6143C32DC8038773
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: free$Error@8Throw$Memorycalloc$Internalprintf
                                                                                                                                                                                                  • String ID: %x $Out of memory$Unknown interpolation type$dst is$matrix is %g %g %g %g %g %g$src is
                                                                                                                                                                                                  • API String ID: 3178000876-58672223
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,6B9BDDC0,?,00000002,00000000,00000000,6B9BDDC0,00000000,?,?,00000000,?,?,?,?,6B9BDDC0), ref: 6B9BCBF6
                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6B9BCC19
                                                                                                                                                                                                  • _control87.MSVCR100 ref: 6B9BCC42
                                                                                                                                                                                                  • _control87.MSVCR100 ref: 6B9BCC5D
                                                                                                                                                                                                  • _control87.MSVCR100 ref: 6B9BCC6B
                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000042,?,?,?,?), ref: 6B9BCC79
                                                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 6B9BCC87
                                                                                                                                                                                                  • _control87.MSVCR100 ref: 6B9BCCA6
                                                                                                                                                                                                  • _control87.MSVCR100 ref: 6B9BCCB4
                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(?), ref: 6B9BCCC1
                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000042,?,?,?,00000002,00000000,6B9BDDC0,?,?,?,?,6B9BDDC0,?,?,?), ref: 6B9BCCD7
                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6B9BCCE5
                                                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 6B9BCCEE
                                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 6B9BCD01
                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6B9BCD04
                                                                                                                                                                                                  • memcpy.MSVCR100(00000000,?,?,?,?,?,6B9BDDC0,?,?,?), ref: 6B9BCD21
                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(?), ref: 6B9BCD2C
                                                                                                                                                                                                  • wcslen.MSVCR100 ref: 6B9BCD43
                                                                                                                                                                                                  • wcslen.MSVCR100 ref: 6B9BCD4B
                                                                                                                                                                                                  • wcslen.MSVCR100 ref: 6B9BCD56
                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000042,?,?,?,?,?,?,?,?,?,?,6B9BDDC0,?,?,?), ref: 6B9BCD70
                                                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 6B9BCD7A
                                                                                                                                                                                                  • memcpy.MSVCR100(00000008,?,00000000,?,?,?,?,?,?,?,?,?,6B9BDDC0,?,?,?), ref: 6B9BCD94
                                                                                                                                                                                                  • memcpy.MSVCR100(?,?,?,00000008,?,00000000,?,?,?,?,?,?,?,?,?,6B9BDDC0), ref: 6B9BCDB1
                                                                                                                                                                                                  • memcpy.MSVCR100(?,?,?,?,?,?,00000008,?,00000000), ref: 6B9BCDD2
                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(?), ref: 6B9BCDE4
                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6B9BCDEB
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Global$Free_control87$Allocmemcpy$LockUnlockwcslen
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1392141960-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • J2dTraceImpl.AWT ref: 6B98CD1E
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: _J2dTraceInit@0.AWT(?,6B924EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B97EA63
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EABA
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: vfprintf.MSVCR100 ref: 6B97EACB
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EAE5
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fflush.MSVCR100 ref: 6B97EAEF
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,WGLGC_GetPixelFormatForDC: error choosing pixel format), ref: 6B98CD4A
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,WGLGC_GetPixelFormatForDC: no pixel formats found), ref: 6B98CD66
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • WGLGC_GetPixelFormatForDC: error choosing pixel format, xrefs: 6B98CD43
                                                                                                                                                                                                  • true, xrefs: 6B98CE12
                                                                                                                                                                                                  • + , xrefs: 6B98CCD5
                                                                                                                                                                                                  • " , xrefs: 6B98CDBC
                                                                                                                                                                                                  • WGLGC_GetPixelFormatForDC: chose %d as the best pixel format, xrefs: 6B98CE6D
                                                                                                                                                                                                  • [V] pixfmt=%d db=%d alpha=%d depth=%d stencil=%d valid=, xrefs: 6B98CDFB
                                                                                                                                                                                                  • WGLGC_GetPixelFormatForDC: no pixel formats found, xrefs: 6B98CD5F
                                                                                                                                                                                                  • " , xrefs: 6B98CD01
                                                                                                                                                                                                  • false (large depth), xrefs: 6B98CE28
                                                                                                                                                                                                  • WGLGC_GetPixelFormatForDC, xrefs: 6B98CCBD
                                                                                                                                                                                                  • candidate pixel formats:, xrefs: 6B98CD75
                                                                                                                                                                                                  • # , xrefs: 6B98CDC4
                                                                                                                                                                                                  • - , xrefs: 6B98CCE9
                                                                                                                                                                                                  • WGLGC_GetPixelFormatForDC: could not find appropriate pixfmt, xrefs: 6B98CE59
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Trace$Impl$fprintf$Init@0fflushvfprintf
                                                                                                                                                                                                  • String ID: candidate pixel formats:$" $" $# $+ $- $WGLGC_GetPixelFormatForDC$WGLGC_GetPixelFormatForDC: chose %d as the best pixel format$WGLGC_GetPixelFormatForDC: could not find appropriate pixfmt$WGLGC_GetPixelFormatForDC: error choosing pixel format$WGLGC_GetPixelFormatForDC: no pixel formats found$[V] pixfmt=%d db=%d alpha=%d depth=%d stencil=%d valid=$false (large depth)$true
                                                                                                                                                                                                  • API String ID: 1961874229-499134102
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • getenv.MSVCR100 ref: 6B938857
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000002,00000000,[W] D3DPPLM::SelectDeviceType: ), ref: 6B938879
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: _J2dTraceInit@0.AWT(?,6B924EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B97EA63
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EABA
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: vfprintf.MSVCR100 ref: 6B97EACB
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EAE5
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fflush.MSVCR100 ref: 6B97EAEF
                                                                                                                                                                                                  • strncmp.MSVCR100 ref: 6B93888C
                                                                                                                                                                                                  • strncmp.MSVCR100 ref: 6B93889D
                                                                                                                                                                                                  • strncmp.MSVCR100 ref: 6B9388AE
                                                                                                                                                                                                  • strncmp.MSVCR100 ref: 6B9388BF
                                                                                                                                                                                                  • strncmp.MSVCR100 ref: 6B9388D0
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000002,00000000,nullref rasterizer selected), ref: 6B9388E1
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000002,00000000,unknown rasterizer: %s, only (ref|hal|nul) supported, hal selected instead,00000000), ref: 6B9388F7
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000002,00000000,hal rasterizer selected), ref: 6B93890A
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000002,00000000,ref rasterizer selected), ref: 6B93891A
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000002,00000000,6B9E8D84), ref: 6B938930
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Trace$Impl$strncmp$fprintf$Init@0fflushgetenvvfprintf
                                                                                                                                                                                                  • String ID: J2D_D3D_RASTERIZER$[W] D3DPPLM::SelectDeviceType: $hal$hal rasterizer selected$nul$nullref rasterizer selected$ref$ref rasterizer selected$rgb$tnl$unknown rasterizer: %s, only (ref|hal|nul) supported, hal selected instead
                                                                                                                                                                                                  • API String ID: 3195847988-1892569255
                                                                                                                                                                                                  • Opcode ID: 4b32894a1ef83a113c8ca1e2249e9ebcbdaebc49cfab27b657895fbb3ab4ea2f
                                                                                                                                                                                                  • Instruction ID: e217d0197ee7c06a5c0cc91cea6cbe069eddf3cd1124e6f565ba738eca1957a4
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4b32894a1ef83a113c8ca1e2249e9ebcbdaebc49cfab27b657895fbb3ab4ea2f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7F117C6079462072F62A31665CABFEA134C8FD5B0CF060070FE08B82C3E69DD71682B7
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Globalfabsfree$_control87$LockUnlock$_wcsdup$ExceptionThrow
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2712839795-0
                                                                                                                                                                                                  • Opcode ID: 4d2225225e9fdd7529c7a7ef5794e168fecae17284410189925b207587eb357f
                                                                                                                                                                                                  • Instruction ID: a9689f9020b97a713fde3cde68ef5254d9680c7c77bcead2838acd333b1b8bee
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4d2225225e9fdd7529c7a7ef5794e168fecae17284410189925b207587eb357f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: DDE1A331D0461DEBDF00AFA0D9456EEBBB8FF45360F21819AE9A0761D0DB39D961CB90
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetSystemDefaultLangID.KERNEL32 ref: 6B9CA9CC
                                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(80000001,EUDC\936,00000000,00020019,?), ref: 6B9CAA5B
                                                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,SystemDefaultEUDCFont,00000000,?,?,?), ref: 6B9CAA83
                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 6B9CAA8E
                                                                                                                                                                                                  • wcsstr.MSVCR100 ref: 6B9CAAB8
                                                                                                                                                                                                  • _wgetenv.MSVCR100 ref: 6B9CAAC9
                                                                                                                                                                                                  • wcscmp.MSVCR100 ref: 6B9CAB21
                                                                                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(?,00000105), ref: 6B9CAB36
                                                                                                                                                                                                  • wcslen.MSVCR100 ref: 6B9CAB64
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CloseDefaultDirectoryLangOpenQuerySystemValueWindows_wgetenvwcscmpwcslenwcsstr
                                                                                                                                                                                                  • String ID: %SystemRoot%$%s%s$%s\FONTS\EUDC.TTE$EUDC.TTE$EUDC\1252$EUDC\932$EUDC\936$EUDC\949$EUDC\950$SystemDefaultEUDCFont$SystemRoot
                                                                                                                                                                                                  • API String ID: 3696901863-1206960182
                                                                                                                                                                                                  • Opcode ID: b812bc05be457c6c34e59f9db866d2114d5e60b508f30624fd13ccbd21c47547
                                                                                                                                                                                                  • Instruction ID: 37709ef265d8523dcd0e1792d313a553802fcc4b127230c91ba7c473e006d09f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b812bc05be457c6c34e59f9db866d2114d5e60b508f30624fd13ccbd21c47547
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5E41C571604708AFEF24EA68CD54BDB337DEB45310F504029E65AD718AEB78D646CB23
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetVersion.KERNEL32(00000000), ref: 6B99E22A
                                                                                                                                                                                                    • Part of subcall function 6B99DC8F: _JNU_GetEnv@8.JAVA(00010002,?,00000000,?,6B99E267,win.frame.captionFont,?), ref: 6B99DCA7
                                                                                                                                                                                                    • Part of subcall function 6B99DC8F: wcslen.MSVCR100 ref: 6B99DCBC
                                                                                                                                                                                                    • Part of subcall function 6B99DC8F: _CxxThrowException.MSVCR100(?,6B9F9388), ref: 6B99DCEC
                                                                                                                                                                                                    • Part of subcall function 6B99DC8F: _JNU_GetEnv@8.JAVA(00010002), ref: 6B99DD1D
                                                                                                                                                                                                    • Part of subcall function 6B99DC8F: wcslen.MSVCR100 ref: 6B99DD27
                                                                                                                                                                                                    • Part of subcall function 6B99DC8F: _JNU_GetEnv@8.JAVA(00010002), ref: 6B99DD40
                                                                                                                                                                                                    • Part of subcall function 6B99DC8F: _JNU_GetEnv@8.JAVA(00010002), ref: 6B99DD79
                                                                                                                                                                                                    • Part of subcall function 6B99DC8F: _JNU_GetEnv@8.JAVA(00010002), ref: 6B99DD8C
                                                                                                                                                                                                    • Part of subcall function 6B99D8BC: _JNU_GetEnv@8.JAVA(00010002,?,00000000,?,?,6B99EB84,win.properties.version,00000003,?,?,6B99EC15), ref: 6B99D8D0
                                                                                                                                                                                                    • Part of subcall function 6B99D8BC: wcslen.MSVCR100 ref: 6B99D8DA
                                                                                                                                                                                                    • Part of subcall function 6B99D8BC: _CxxThrowException.MSVCR100(?,6B9F9388), ref: 6B99D907
                                                                                                                                                                                                    • Part of subcall function 6B99D8BC: _JNU_GetEnv@8.JAVA(00010002,?,?,6B99EB84,win.properties.version,00000003,?,?,6B99EC15), ref: 6B99D913
                                                                                                                                                                                                    • Part of subcall function 6B99D8BC: _JNU_GetEnv@8.JAVA(00010002), ref: 6B99D934
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Env@8$wcslen$ExceptionThrow$Version
                                                                                                                                                                                                  • String ID: win.frame.captionButtonHeight$win.frame.captionButtonWidth$win.frame.captionFont$win.frame.captionHeight$win.frame.sizingBorderWidth$win.frame.smallCaptionButtonHeight$win.frame.smallCaptionButtonWidth$win.frame.smallCaptionFont$win.frame.smallCaptionHeight$win.menu.buttonWidth$win.menu.font$win.menu.height$win.messagebox.font$win.scrollbar.height$win.scrollbar.width$win.status.font$win.tooltip.font
                                                                                                                                                                                                  • API String ID: 2390684449-2548947993
                                                                                                                                                                                                  • Opcode ID: d8e8872c7a281f4aee4741e85ad2f5238edfa8594df6a2bc910f4f3f87cbd9b4
                                                                                                                                                                                                  • Instruction ID: b41ecdfff019b66fd1cf90cb9a1a46a5d3eb3e089cc1b4c9ef211da0835f7e6e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d8e8872c7a281f4aee4741e85ad2f5238edfa8594df6a2bc910f4f3f87cbd9b4
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 943192306401286BEF656F75AC45FBD7F2E9F94328F480199A80962341DF7CCE418BA1
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ??3@CurrentDirectoryfreememsetwcslen$Env@8ExceptionH_prolog3_catchThrowwcscpy_swcsncpy
                                                                                                                                                                                                  • String ID: &$X
                                                                                                                                                                                                  • API String ID: 3999855097-1473895200
                                                                                                                                                                                                  • Opcode ID: 210330d559b25ed825e34354d81e1ac665e1747e42f924663a165a0a8e0b47c8
                                                                                                                                                                                                  • Instruction ID: 8741352237886ccb3c24a438791b3ebbf7213969ff9ffb539bb4584d09628df8
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 210330d559b25ed825e34354d81e1ac665e1747e42f924663a165a0a8e0b47c8
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 12D18671805608EFDF029FA8C889ADD7FB9FF0A308F50806AF95496260D73AD991CF50
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9BE4E9
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • _wcsdup.MSVCR100 ref: 6B9BE59B
                                                                                                                                                                                                  • _control87.MSVCR100 ref: 6B9BE5E6
                                                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 6B9BE60C
                                                                                                                                                                                                  • _control87.MSVCR100 ref: 6B9BE640
                                                                                                                                                                                                  • _control87.MSVCR100 ref: 6B9BE64E
                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(?), ref: 6B9BE67E
                                                                                                                                                                                                  • memset.MSVCR100 ref: 6B9BE69C
                                                                                                                                                                                                  • _wfullpath.MSVCR100 ref: 6B9BE6C2
                                                                                                                                                                                                  • _control87.MSVCR100 ref: 6B9BE6E6
                                                                                                                                                                                                  • _control87.MSVCR100 ref: 6B9BE6F4
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B9BE6FB
                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 6B9BE707
                                                                                                                                                                                                  • _JNU_ThrowByName@12.JAVA(?,No printer found.), ref: 6B9BE723
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _control87$GlobalThrow$CreateCurrentEnv@8ErrorEventExceptionH_prolog3_catchLastLockName@12ObjectSingleThreadUnlockWait_wcsdup_wfullpathfreememset
                                                                                                                                                                                                  • String ID: No printer found.
                                                                                                                                                                                                  • API String ID: 2759171941-2747498138
                                                                                                                                                                                                  • Opcode ID: 00bfb7d68646eec39e0a7f7a780a12668ed5e12e4cec58912f623c7cca887472
                                                                                                                                                                                                  • Instruction ID: 7431fb5a6810719858b0e265e66050dc0aeb5835bde8a7e4806b7677bb645dcc
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 00bfb7d68646eec39e0a7f7a780a12668ed5e12e4cec58912f623c7cca887472
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A8817571C14A28EFCF119FA4CC89ADFBBB8EF09714F1049AAE415A6251DB39D541CFA0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000003,00000001,D3DContext::InitDevice: device %d,?), ref: 6B934456
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: _J2dTraceInit@0.AWT(?,6B924EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B97EA63
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EABA
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: vfprintf.MSVCR100 ref: 6B97EACB
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EAE5
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fflush.MSVCR100 ref: 6B97EAEF
                                                                                                                                                                                                  • memset.MSVCR100 ref: 6B9345A6
                                                                                                                                                                                                  • memset.MSVCR100 ref: 6B9345B5
                                                                                                                                                                                                  • ?CreateInstance@D3DVertexCacher@@SAJPAVD3DContext@@PAPAV1@@Z.AWT(?,?), ref: 6B9345F0
                                                                                                                                                                                                  • ?Init@D3DVertexCacher@@QAEJPAVD3DContext@@@Z.AWT ref: 6B9345FB
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B934651
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B934680
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000002,00000001,D3DContext::InitDevice: sync query not available), ref: 6B93471A
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000002,00000001,D3DContext::InitDevice: error creating sync surface,00000020,00000020,00000001,00000001,?,?), ref: 6B93475A
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000003,00000001,D3DContext::InitDefice: successfully initialized device %d,?), ref: 6B93477C
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • D3DContext::InitDefice: successfully initialized device %d, xrefs: 6B934769
                                                                                                                                                                                                  • D3DContext::InitDevice: device %d, xrefs: 6B93444D
                                                                                                                                                                                                  • D3DContext::InitDevice: error creating sync surface, xrefs: 6B934751
                                                                                                                                                                                                  • D3DContext::InitDevice: sync query not available, xrefs: 6B934711
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Trace$Impl$??3@Cacher@@Vertexfprintfmemset$Context@@Context@@@CreateInit@Init@0Instance@V1@@fflushvfprintf
                                                                                                                                                                                                  • String ID: D3DContext::InitDefice: successfully initialized device %d$D3DContext::InitDevice: device %d$D3DContext::InitDevice: error creating sync surface$D3DContext::InitDevice: sync query not available
                                                                                                                                                                                                  • API String ID: 3508455555-2460147876
                                                                                                                                                                                                  • Opcode ID: b4012f33c67c2457a668fd65fd55a5c252076ed6788b4701a209cb00adffd792
                                                                                                                                                                                                  • Instruction ID: 0d043a654ed7443d6a71ef48f71332c9d3f6b55a084247927294f64140b72360
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b4012f33c67c2457a668fd65fd55a5c252076ed6788b4701a209cb00adffd792
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 05B1C871244614BFE215EF64CCC2FAAB3A9FF99708F00456CF3855B280D7B6A9518BD2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000002,00000001,D3DPPLM::CreateDefaultFocusWindow: existing default focus window!), ref: 6B938CC0
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: _J2dTraceInit@0.AWT(?,6B924EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B97EA63
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EABA
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: vfprintf.MSVCR100 ref: 6B97EACB
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EAE5
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fflush.MSVCR100 ref: 6B97EAEF
                                                                                                                                                                                                  • memset.MSVCR100 ref: 6B938CE5
                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000), ref: 6B938CF5
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DPPLM::CreateDefaultFocusWindow: error registering window class), ref: 6B938D26
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • D3DPPLM::CreateDefaultFocusWindow: error getting monitor info for adapter=%d, xrefs: 6B938DF1
                                                                                                                                                                                                  • D3DPPLM::CreateDefaultFocusWindow: existing default focus window!, xrefs: 6B938CB7
                                                                                                                                                                                                  • D3DPPLM::CreateDefaultFocusWindow: CreateWindow failed, xrefs: 6B938DB5
                                                                                                                                                                                                  • D3DPPLM::CreateDefaultFocusWindow: error registering window class, xrefs: 6B938D1D
                                                                                                                                                                                                  • (, xrefs: 6B938D55
                                                                                                                                                                                                  • D3DFocusWindow, xrefs: 6B938D0A, 6B938D9D, 6B938DA2
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Trace$Implfprintf$HandleInit@0Modulefflushmemsetvfprintf
                                                                                                                                                                                                  • String ID: ($D3DFocusWindow$D3DPPLM::CreateDefaultFocusWindow: CreateWindow failed$D3DPPLM::CreateDefaultFocusWindow: error getting monitor info for adapter=%d$D3DPPLM::CreateDefaultFocusWindow: error registering window class$D3DPPLM::CreateDefaultFocusWindow: existing default focus window!
                                                                                                                                                                                                  • API String ID: 4014809333-1279274881
                                                                                                                                                                                                  • Opcode ID: 21f0feb8df2f343bce055403bcb28aa76a7151bd25fcabea23711e9014b4b640
                                                                                                                                                                                                  • Instruction ID: 39f187990f54b857ea7842f6ec3ab5e1449c261c2a4f35670cc8957398e9b0cb
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 21f0feb8df2f343bce055403bcb28aa76a7151bd25fcabea23711e9014b4b640
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8241D4717483007BD614AB78CC47F9AB3A8BFA4B09F80842DF6059A2C0DBF8D10587A2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: lstrcmplstrlenwcscpy_swcsncpy
                                                                                                                                                                                                  • String ID: ERROR$INFO$NONE$WARNING
                                                                                                                                                                                                  • API String ID: 3272366325-1714611078
                                                                                                                                                                                                  • Opcode ID: 758287d4f48f73d3b04d2031776cda82d96012ec69edc2cae0368eff3ccc903b
                                                                                                                                                                                                  • Instruction ID: 28e3861f7dcf27cb799db17cc5eb28047ad2d6b9ee54c6d6906b3df259889c53
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 758287d4f48f73d3b04d2031776cda82d96012ec69edc2cae0368eff3ccc903b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 28319A70114701ABD3649B75CC89FABB3ECAF82720F00582DE64AE6181E778E1448B37
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: free$ExceptionH_prolog3_catchThrow
                                                                                                                                                                                                  • String ID: ColorName$DllName$SizeName$ThemeActive$win.xpstyle.colorName$win.xpstyle.dllName$win.xpstyle.sizeName$win.xpstyle.themeActive
                                                                                                                                                                                                  • API String ID: 2975937513-2949881520
                                                                                                                                                                                                  • Opcode ID: 296718a4d3d3dc106c93a15f9766c960ac53d7ea5a61aa09feb345a6c33b0150
                                                                                                                                                                                                  • Instruction ID: 6673c0889e0effb4b46ea92e8d906f6ebb98278c8b901b4b850dd00335d30a52
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 296718a4d3d3dc106c93a15f9766c960ac53d7ea5a61aa09feb345a6c33b0150
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B0219272D141099A9F50BFF4ADC197E77BDEE9529CB19402EE114A3240CF38C941C7B6
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?UpdateState@D3DContext@@QAEJC@Z.AWT(00000000), ref: 6B93A787
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,6BA1BDA0), ref: 6B93A79F
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_FlushBuffer: failed to get context,?,6BA1BDA0), ref: 6B93A7B3
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(?,6BA1BDA0), ref: 6B93A7DE
                                                                                                                                                                                                    • Part of subcall function 6B934FB0: ?Render@D3DVertexCacher@@QAEJH@Z.AWT(00000000), ref: 6B934FC5
                                                                                                                                                                                                  • ?SetRenderTarget@D3DContext@@QAEJPAUIDirect3DSurface9@@@Z.AWT(?,?,6BA1BDA0), ref: 6B93A800
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC6C
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC73
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6BDC5A58,00010002), ref: 6B93ACC2
                                                                                                                                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B93ACD6
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B93AD08
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125584471.000000006B920000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125692771.000000006B9D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125730889.000000006BA14000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125756269.000000006BA16000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125781488.000000006BA17000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125806593.000000006BA18000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125831151.000000006BA19000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1A000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1D000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125903563.000000006BA40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Context@@$Manager@@Pipeline$Context@Context@@@Scene@$Cacher@@CallDirect3ImplInstance@MethodNameRenderRender@State@Surface9@@@Sync@Target@TraceUpdateVertex
                                                                                                                                                                                                  • String ID: ()V$D3DRQ_FlushBuffer: failed to get context$run
                                                                                                                                                                                                  • API String ID: 1862989597-2912635533
                                                                                                                                                                                                  • Opcode ID: 17d47289bb14a881b703d00919dfc1149317925e1eed5b0905deba44572f5053
                                                                                                                                                                                                  • Instruction ID: 2390f585c37786ff80fc9b64869825f4a54da11a85f0bd255e02df8e73e62b21
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 17d47289bb14a881b703d00919dfc1149317925e1eed5b0905deba44572f5053
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9A41B4356043214FDF88DB75C9C2B2E33E9AF95308F998168E80A87351DB39D802CB61
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9BE78A
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                    • Part of subcall function 6B9BC6AB: _JNU_GetFieldByName@20.JAVA(?,?,?,6B9BDF31,6B9D946C,?,?,?,6B9BDF31,?,?,?,00000048), ref: 6B9BC6C1
                                                                                                                                                                                                  • _control87.MSVCR100 ref: 6B9BE7F8
                                                                                                                                                                                                    • Part of subcall function 6B9BC798: fabs.MSVCR100 ref: 6B9BC805
                                                                                                                                                                                                    • Part of subcall function 6B9BC798: fabs.MSVCR100 ref: 6B9BC824
                                                                                                                                                                                                    • Part of subcall function 6B9BC798: GlobalLock.KERNEL32(?), ref: 6B9BC85C
                                                                                                                                                                                                    • Part of subcall function 6B9BC798: GlobalUnlock.KERNEL32(?), ref: 6B9BC876
                                                                                                                                                                                                  • GlobalLock.KERNEL32(?), ref: 6B9BE888
                                                                                                                                                                                                  • GlobalLock.KERNEL32(?), ref: 6B9BE8DA
                                                                                                                                                                                                  • _wcsdup.MSVCR100 ref: 6B9BE8E8
                                                                                                                                                                                                  • _control87.MSVCR100 ref: 6B9BE91D
                                                                                                                                                                                                  • _control87.MSVCR100 ref: 6B9BE92B
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B9BE93A
                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(?), ref: 6B9BE94C
                                                                                                                                                                                                  • _control87.MSVCR100 ref: 6B9BE95E
                                                                                                                                                                                                  • _control87.MSVCR100 ref: 6B9BE96C
                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(?), ref: 6B9BE978
                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(?), ref: 6B9BE989
                                                                                                                                                                                                  • _control87.MSVCR100 ref: 6B9BE9A2
                                                                                                                                                                                                  • _control87.MSVCR100 ref: 6B9BE9B0
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Global_control87$Unlock$Lock$fabs$CreateCurrentEnv@8EventExceptionFieldH_prolog3_catchName@20ObjectSingleThreadThrowWait_wcsdupfree
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1525313426-0
                                                                                                                                                                                                  • Opcode ID: 0380d86601695b958a8106b6bd3fe14cc90677146b3b3c017e68923196f65134
                                                                                                                                                                                                  • Instruction ID: 98960273a08c428dfb8f2899a1f25d202862456a91a665b9d7d2f9c20660679f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0380d86601695b958a8106b6bd3fe14cc90677146b3b3c017e68923196f65134
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4761A372808609BFDF10AFB1DC8A8DF7BBCEF05315B204869F510A61A1DB35DA55CBA0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,BufferedMaskBlit_enqueueTile: srcOps is null), ref: 6B924D9E
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: _J2dTraceInit@0.AWT(?,6B924EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B97EA63
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EABA
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: vfprintf.MSVCR100 ref: 6B97EACB
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EAE5
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fflush.MSVCR100 ref: 6B97EAEF
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,BufferedMaskBlit_enqueueTile: cannot get direct buffer address), ref: 6B924DBA
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • BufferedMaskBlit_enqueueTile: srcOps is null, xrefs: 6B924D95
                                                                                                                                                                                                  • BufferedMaskBlit_enqueueTile: cannot get direct buffer address, xrefs: 6B924DB1
                                                                                                                                                                                                  • BufferedMaskBlit_enqueueTile: could not acquire lock, xrefs: 6B924E50
                                                                                                                                                                                                  • BufferedMaskBlit_enqueueTile: mask array is null, xrefs: 6B924DCF
                                                                                                                                                                                                  • BufferedMaskBlit_enqueueTile: cannot lock mask array, xrefs: 6B924ED6
                                                                                                                                                                                                  • BufferedMaskBlit_enqueueTile: mask array too large, xrefs: 6B924DF4
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Trace$Implfprintf$Init@0fflushvfprintf
                                                                                                                                                                                                  • String ID: BufferedMaskBlit_enqueueTile: cannot get direct buffer address$BufferedMaskBlit_enqueueTile: cannot lock mask array$BufferedMaskBlit_enqueueTile: could not acquire lock$BufferedMaskBlit_enqueueTile: mask array is null$BufferedMaskBlit_enqueueTile: mask array too large$BufferedMaskBlit_enqueueTile: srcOps is null
                                                                                                                                                                                                  • API String ID: 1389929741-1464262851
                                                                                                                                                                                                  • Opcode ID: b156e80e933f11be9bb416ca30286bd6f7dadb8481576635e3dff5b255626a10
                                                                                                                                                                                                  • Instruction ID: f1fcfe6229b8cc6c79dde4d0440587483b105c82a8144e740239a2c78c492e50
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b156e80e933f11be9bb416ca30286bd6f7dadb8481576635e3dff5b255626a10
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 03F1AF70A583828BD324DF59C880B6AB7E4FFD5304F04493DEA989738AD779E605CB52
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch_GS.LIBCMT ref: 6B99C687
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B99C746
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B99C783
                                                                                                                                                                                                  • labs.MSVCR100(?), ref: 6B99C7A6
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B99C8C3
                                                                                                                                                                                                    • Part of subcall function 6B9CF401: malloc.MSVCR100 ref: 6B9CF408
                                                                                                                                                                                                    • Part of subcall function 6B9CF401: _CxxThrowException.MSVCR100(?,6B9F9388), ref: 6B9CF426
                                                                                                                                                                                                  • labs.MSVCR100(?), ref: 6B99C855
                                                                                                                                                                                                  • labs.MSVCR100(?,?), ref: 6B99C864
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B99C8AC
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B99C951
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B99C97B
                                                                                                                                                                                                  • _JNU_ThrowIOException@8.JAVA(?), ref: 6B99C987
                                                                                                                                                                                                  • _CxxThrowException.MSVCR100(?,6B9F9388), ref: 6B99CA78
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B99CADA
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B99CB02
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125584471.000000006B920000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125692771.000000006B9D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125730889.000000006BA14000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125756269.000000006BA16000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125781488.000000006BA17000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125806593.000000006BA18000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125831151.000000006BA19000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1A000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1D000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125903563.000000006BA40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: free$Throw$Exceptionlabs$CreateCurrentEnv@8EventException@8H_prolog3_catch_ObjectSingleThreadWaitmalloc
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3689081637-0
                                                                                                                                                                                                  • Opcode ID: 74ad493288e8e127f454b212aa1526692040fa51b22ec116de042942cf7bff14
                                                                                                                                                                                                  • Instruction ID: e12d6b7e01cf2f83d1dc15b048ba0e1148cc053937aeb2e82b150b39905d2965
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 74ad493288e8e127f454b212aa1526692040fa51b22ec116de042942cf7bff14
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4CF15672C04209EFDF50AFA9DC899EDBBB9FF09314F58812AE515A6260C734D952CF60
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _GrPrim_Sg2dGetPixel@8.AWT ref: 6B944303
                                                                                                                                                                                                  • _JNU_ThrowArrayIndexOutOfBoundsException@8.JAVA(?,polygon length array size), ref: 6B944376
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,coordinate array), ref: 6B9445ED
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8Throw$ArrayBoundsIndexNullPixel@8PointerPrim_Sg2d
                                                                                                                                                                                                  • String ID: coordinate array$coordinate array length$polygon length array$polygon length array size
                                                                                                                                                                                                  • API String ID: 3307046617-438434412
                                                                                                                                                                                                  • Opcode ID: a3b8072db3a0371beca100f076bcf666330a854c4fd1f836c00e499060f57ea2
                                                                                                                                                                                                  • Instruction ID: e150d457c76f6d345007ab99e710b30e76a4a2ae6e26a2bbe2fa9969dc6ae6cf
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a3b8072db3a0371beca100f076bcf666330a854c4fd1f836c00e499060f57ea2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C5A10871208741AFD755DF68C880E6BB3F9AFC9704F10895CF69987340DB39E9068BA2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?GetAdapterOrdinalForScreen@D3DPipelineManager@@QAEIJ@Z.AWT ref: 6B93A816
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(00000000,6BA1BDA0), ref: 6B93A83B
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(00000000,6BA1BDA0), ref: 6B93A862
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC6C
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC73
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6BDC5A58,00010002), ref: 6B93ACC2
                                                                                                                                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B93ACD6
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B93AD08
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Manager@@Pipeline$Context@@$Context@Context@@@Scene@$AdapterCallInstance@MethodNameOrdinalScreen@Sync@
                                                                                                                                                                                                  • String ID: ()V$D3DRQ_FlushBuffer: failed to get context$run
                                                                                                                                                                                                  • API String ID: 1592665751-2912635533
                                                                                                                                                                                                  • Opcode ID: 99ccc0d0fe1bed2e89aa57a9f2fdf36434c5c17a0582eb30a6c5710e9fb7d9e4
                                                                                                                                                                                                  • Instruction ID: fb945e1d15cce0c0972bf4d6b877a7f6a6d178b46ae45298c904445aea15e708
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 99ccc0d0fe1bed2e89aa57a9f2fdf36434c5c17a0582eb30a6c5710e9fb7d9e4
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0331B0356083214FDF88CB75C8D2B2E33AAAF95218F99412CE80A97391DB3DDC02C761
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetLastError.KERNEL32(00000000,00000000,00000000,?,?,6B9B5BDF,00000000,?,00000000), ref: 6B9B6A12
                                                                                                                                                                                                  • wcslen.MSVCR100 ref: 6B9B6A23
                                                                                                                                                                                                  • _CxxThrowException.MSVCR100(00000000,6B9F9388), ref: 6B9B6A53
                                                                                                                                                                                                  • JNU_NewObjectByName.JAVA(?,java/lang/OutOfMemoryError,(Ljava/lang/String;)V,00000000,00000000,6B9F9388,?,6B9B5BDF,00000000,?,00000000), ref: 6B9B6A64
                                                                                                                                                                                                  • FormatMessageW.KERNEL32(00001100,00000000,00000000,00000400,00000000,00000000,00000000,?,?,6B9B5BDF,00000000,?,00000000), ref: 6B9B6A82
                                                                                                                                                                                                  • wcslen.MSVCR100 ref: 6B9B6A8B
                                                                                                                                                                                                  • JNU_NewObjectByName.JAVA(?,java/lang/InternalError,(Ljava/lang/String;)V,00000000,?,6B9B5BDF,00000000,?,00000000), ref: 6B9B6AB4
                                                                                                                                                                                                  • LocalFree.KERNEL32(00000000), ref: 6B9B6AC1
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: NameObjectwcslen$ErrorExceptionFormatFreeLastLocalMessageThrow
                                                                                                                                                                                                  • String ID: (Ljava/lang/String;)V$java/lang/InternalError$java/lang/OutOfMemoryError$too many menu handles
                                                                                                                                                                                                  • API String ID: 633141992-867821964
                                                                                                                                                                                                  • Opcode ID: 4ad06194a3082b7561ec8490b337bc6c3fb82d84ea30f99b3b39b014a915fd13
                                                                                                                                                                                                  • Instruction ID: c14c4af9901bbf0782d56351e58e0835a185b56a5f513131ee56a50811503cba
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4ad06194a3082b7561ec8490b337bc6c3fb82d84ea30f99b3b39b014a915fd13
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1621AE76504104BFCB12AFA5CC88CEFBB7CEF8A265B118469F94192201DB39E912CB70
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch_GS.LIBCMT ref: 6B98E01B
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • GetVersionExW.KERNEL32 ref: 6B98E042
                                                                                                                                                                                                  • GetProfileStringW.KERNEL32(windows,device,,,,,?,000000FA), ref: 6B98E070
                                                                                                                                                                                                  • lstrlenW.KERNEL32(?), ref: 6B98E083
                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000002), ref: 6B98E0A6
                                                                                                                                                                                                  • lstrcpynW.KERNEL32(00000000,?,00000001), ref: 6B98E0B8
                                                                                                                                                                                                  • wcslen.MSVCR100 ref: 6B98E0BF
                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6B98E0D4
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125584471.000000006B920000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125692771.000000006B9D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125730889.000000006BA14000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125756269.000000006BA16000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125781488.000000006BA17000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125806593.000000006BA18000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125831151.000000006BA19000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1A000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1D000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125903563.000000006BA40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Global$AllocCreateCurrentEnv@8EventExceptionFreeH_prolog3_catch_ObjectProfileSingleStringThreadThrowVersionWaitlstrcpynlstrlenwcslen
                                                                                                                                                                                                  • String ID: ,$,,,$device$windows
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: getenv$MlibStopTimerawt_set$Imagingawt_getsscanf
                                                                                                                                                                                                  • String ID: IMLIB_DEBUG$IMLIB_NOMLIB$IMLIB_PRINT$IMLIB_START
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch_GS.LIBCMT ref: 6B99CBC4
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,00000001,0000002C), ref: 6B99CCC0
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,00000001,0000002C), ref: 6B99CD40
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,00000001,0000002C), ref: 6B99CD8E
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,00000001,0000002C), ref: 6B99CDB5
                                                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,0000002C), ref: 6B99CDF0
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B99CE57
                                                                                                                                                                                                  • _CxxThrowException.MSVCR100(?,6B9F9388), ref: 6B99D08D
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B99D0C8
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorLast$ExceptionThrowfree$CreateCurrentEnv@8EventH_prolog3_catch_ObjectSingleThreadWait
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Global$wcslen$LockUnlock$wcscmp
                                                                                                                                                                                                  • String ID: $ $FILE:
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch_GS.LIBCMT ref: 6B990C2A
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002,00000074), ref: 6B990C54
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null target), ref: 6B990C93
                                                                                                                                                                                                  • _CxxThrowException.MSVCR100(?,6B9F9388), ref: 6B990DCF
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Throw$Env@8Exception$CreateCurrentEventException@8H_prolog3_catch_NullObjectPointerSingleThreadWait
                                                                                                                                                                                                  • String ID: Unable to set Pixel format on Canvas$java/awt/Canvas$java/lang/RuntimeException$null hParent$null parent$null target$sun/awt/Win32GraphicsConfig
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _control87$??3@Error@8H_prolog3_catchMemoryThrowwcslen
                                                                                                                                                                                                  • String ID: OutOfMemoryError$java/lang/String
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • memset.MSVCR100 ref: 6B9BC24C
                                                                                                                                                                                                  • labs.MSVCR100(00000001,?,00000000,0000002C,00000000,?), ref: 6B9BC282
                                                                                                                                                                                                    • Part of subcall function 6B9BBD9B: floor.MSVCR100 ref: 6B9BBE16
                                                                                                                                                                                                    • Part of subcall function 6B9BBD9B: floor.MSVCR100 ref: 6B9BBE33
                                                                                                                                                                                                    • Part of subcall function 6B9BBD9B: floor.MSVCR100 ref: 6B9BBE55
                                                                                                                                                                                                    • Part of subcall function 6B9BBD9B: floor.MSVCR100 ref: 6B9BBE6E
                                                                                                                                                                                                    • Part of subcall function 6B9BBD9B: floor.MSVCR100 ref: 6B9BBE94
                                                                                                                                                                                                    • Part of subcall function 6B9BBD9B: floor.MSVCR100 ref: 6B9BBEB6
                                                                                                                                                                                                  • floor.MSVCR100 ref: 6B9BC2C4
                                                                                                                                                                                                  • floor.MSVCR100 ref: 6B9BC2E4
                                                                                                                                                                                                  • floor.MSVCR100 ref: 6B9BC30B
                                                                                                                                                                                                  • floor.MSVCR100 ref: 6B9BC324
                                                                                                                                                                                                  • floor.MSVCR100 ref: 6B9BC33A
                                                                                                                                                                                                  • floor.MSVCR100 ref: 6B9BC356
                                                                                                                                                                                                  • floor.MSVCR100 ref: 6B9BC372
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B9BC38D
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: floor$freelabsmemset
                                                                                                                                                                                                  • String ID: (
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,null BufferedImage object,00000000,6B9B14DA,?,?,?,00000000), ref: 6B9D0F13
                                                                                                                                                                                                  • calloc.MSVCR100 ref: 6B9D0F25
                                                                                                                                                                                                  • _JNU_ThrowOutOfMemoryError@8.JAVA(?,Out of memory), ref: 6B9D0F3E
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Throw$Error@8Exception@8MemoryNullPointercalloc
                                                                                                                                                                                                  • String ID: Out of memory$null BufferedImage object$null Raster object
                                                                                                                                                                                                  • API String ID: 3879535940-3542467003
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 6B96AA50: J2dTraceImpl.AWT(00000001,00000001,OGLContext_IsExtensionAvailable: extension string is null,00000000,?,6B96AD05,00000000,GL_ARB_fragment_shader), ref: 6B96AA68
                                                                                                                                                                                                    • Part of subcall function 6B96AA50: strlen.MSVCR100 ref: 6B96AA79
                                                                                                                                                                                                    • Part of subcall function 6B96AA50: strcspn.MSVCR100 ref: 6B96AA96
                                                                                                                                                                                                    • Part of subcall function 6B96AA50: strlen.MSVCR100 ref: 6B96AA9F
                                                                                                                                                                                                    • Part of subcall function 6B96AA50: strncmp.MSVCR100 ref: 6B96AAAE
                                                                                                                                                                                                    • Part of subcall function 6B96AA50: J2dTraceImpl.AWT(00000003,00000001,OGLContext_IsExtensionAvailable: %s=%s,?,false,00000000,6B98D391,?,?,?,?,WGLGraphicsConfig_getWGLConfigInfo), ref: 6B96AAD7
                                                                                                                                                                                                  • _JNU_GetStaticFieldByName@20.JAVA(?,00000000,sun/java2d/opengl/OGLSurfaceData,isFBObjectEnabled,6B9D9480,?,?,?,?,?,?,6B96AD71,?,00000000), ref: 6B96AB2D
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000003,00000001,OGLContext_IsFBObjectExtensionAvailable: disabled via flag,?,00000000,sun/java2d/opengl/OGLSurfaceData,isFBObjectEnabled,6B9D9480,?,?,?,?,?,?,6B96AD71,?), ref: 6B96AB43
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: _J2dTraceInit@0.AWT(?,6B924EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B97EA63
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EABA
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: vfprintf.MSVCR100 ref: 6B97EACB
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EAE5
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fflush.MSVCR100 ref: 6B97EAEF
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000003,00000001,OGLContext_IsFBObjectExtensionAvailable: fbobject unsupported,?,?,00000000,sun/java2d/opengl/OGLSurfaceData,isFBObjectEnabled,6B9D9480,?,?,?,?,?,?,6B96AD71), ref: 6B96ABE6
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000003,00000001,OGLContext_IsFBObjectExtensionAvailable: fbobject supported,?,?,?,00000000,sun/java2d/opengl/OGLSurfaceData,isFBObjectEnabled,6B9D9480), ref: 6B96AC2F
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • OGLContext_IsFBObjectExtensionAvailable: fbobject supported, xrefs: 6B96AC26
                                                                                                                                                                                                  • GL_EXT_framebuffer_object, xrefs: 6B96AAF3
                                                                                                                                                                                                  • isFBObjectEnabled, xrefs: 6B96AB20
                                                                                                                                                                                                  • OGLContext_IsFBObjectExtensionAvailable: fbobject unsupported, xrefs: 6B96ABDD
                                                                                                                                                                                                  • GL_ARB_depth_texture, xrefs: 6B96AB05
                                                                                                                                                                                                  • sun/java2d/opengl/OGLSurfaceData, xrefs: 6B96AB25
                                                                                                                                                                                                  • OGLContext_IsFBObjectExtensionAvailable: disabled via flag, xrefs: 6B96AB3A
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Trace$Impl$fprintfstrlen$FieldInit@0Name@20Staticfflushstrcspnstrncmpvfprintf
                                                                                                                                                                                                  • String ID: GL_ARB_depth_texture$GL_EXT_framebuffer_object$OGLContext_IsFBObjectExtensionAvailable: disabled via flag$OGLContext_IsFBObjectExtensionAvailable: fbobject supported$OGLContext_IsFBObjectExtensionAvailable: fbobject unsupported$isFBObjectEnabled$sun/java2d/opengl/OGLSurfaceData
                                                                                                                                                                                                  • API String ID: 554788551-3888500106
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: fabsfree$_control87$ExceptionThrow$malloc
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 4274440171-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: fabs$Transform_transform@12
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3810233683-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,null ColorModel object,?,6B9D0FED,?,00000000,?,000001E0), ref: 6B9D0053
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(6B9D0FED,null nBits structure in CModel), ref: 6B9D00FD
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • null nBits structure in CModel, xrefs: 6B9D00F7
                                                                                                                                                                                                  • null ColorModel object, xrefs: 6B9D004D
                                                                                                                                                                                                  • java/awt/image/ColorModel, xrefs: 6B9D0246
                                                                                                                                                                                                  • Out of memory, xrefs: 6B9D0153
                                                                                                                                                                                                  • Unable to find default CM, xrefs: 6B9D028A
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow
                                                                                                                                                                                                  • String ID: Out of memory$Unable to find default CM$java/awt/image/ColorModel$null ColorModel object$null nBits structure in CModel
                                                                                                                                                                                                  • API String ID: 473278687-1597489467
                                                                                                                                                                                                  • Opcode ID: bb0bce07c3494823b77326c526645da1c425685019105e46dd1d5e77f9db1fdf
                                                                                                                                                                                                  • Instruction ID: d3a090ce3e019efa01f1b509c9b521d967344dbf9cee444a18adacfc1a77831b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: bb0bce07c3494823b77326c526645da1c425685019105e46dd1d5e77f9db1fdf
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D0B1BF71604A009FC755CF29D8D0EAB77F9EFCA310B2081ADE9588B345C739E842CBA1
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9CEE56
                                                                                                                                                                                                  • _JNU_IsInstanceOfByName@12.JAVA(00000000,?,com/sun/java/swing/plaf/windows/WindowsPopupWindow,00000001), ref: 6B9CEEF0
                                                                                                                                                                                                    • Part of subcall function 6B99EC30: _JNU_GetEnv@8.JAVA(00010002,00000000,00000000,00000000,6B9CC50C,?,00010002), ref: 6B99EC40
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Env@8$InstanceName@12
                                                                                                                                                                                                  • String ID: COMBOBOX_POPUP_WINDOW_TYPE$MENU_WINDOW_TYPE$POPUPMENU_WINDOW_TYPE$SUBMENU_WINDOW_TYPE$TOOLTIP_WINDOW_TYPE$UNDEFINED_WINDOW_TYPE$com/sun/java/swing/plaf/windows/WindowsPopupWindow$windowType
                                                                                                                                                                                                  • API String ID: 4055069336-3059720911
                                                                                                                                                                                                  • Opcode ID: b04eff8644391dd19e6602bdd2339a75ca1f7269fdf2110926c4ae5df96a85e9
                                                                                                                                                                                                  • Instruction ID: de88501c0c2d8ffe61b47c608adc696750b4282381718bf4b1a763ae004ced8b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b04eff8644391dd19e6602bdd2339a75ca1f7269fdf2110926c4ae5df96a85e9
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 78A12771604205AFDB40DFA4CC8AFAEBBBCEF49304F548069F505A6281D778D946CB66
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 6B993B9F: GetCurrentThreadId.KERNEL32 ref: 6B993B9F
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B996AF9
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,null pData,?,00010002), ref: 6B996B75
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,00010002), ref: 6B996CC8
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ??3@CurrentEnv@8Exception@8NullPointerThreadThrow
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 1717875540-751156914
                                                                                                                                                                                                  • Opcode ID: 5865755ee4809b287d01863328e8ab94503dc48abd246cb0c900e08b21f6d21b
                                                                                                                                                                                                  • Instruction ID: 24a40146f3abc02ead9da8f1f1715b8ab41f9664dc027a32bbb6fcad413227ba
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5865755ee4809b287d01863328e8ab94503dc48abd246cb0c900e08b21f6d21b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7A715671904308DFDF609FF5C844A9EBBB9EF49314F14852AE525AB250E739E845CF90
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9B2E8F
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B9B2F13
                                                                                                                                                                                                  • getJavaIDFromLangID.JAVA(?), ref: 6B9B2F34
                                                                                                                                                                                                  • strcmp.MSVCR100 ref: 6B9B2F4E
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B9B2F5A
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B9B2FEF
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B9B3011
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B9B3016
                                                                                                                                                                                                  • _CxxThrowException.MSVCR100(?,6B9F9388), ref: 6B9B3037
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: free$ExceptionThrow$CreateCurrentEnv@8EventFromH_prolog3_catchJavaLangObjectSingleThreadWaitstrcmp
                                                                                                                                                                                                  • String ID: java/util/Locale
                                                                                                                                                                                                  • API String ID: 2790792904-3098095476
                                                                                                                                                                                                  • Opcode ID: 78a92c452e38615f4b2998ef0846bf17f60d4919f8f06504566a7ceadcb573d2
                                                                                                                                                                                                  • Instruction ID: 7d68c0f87013a0b28638b9767468fa6b108827f75d0885d4095aed0fe32d9366
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 78a92c452e38615f4b2998ef0846bf17f60d4919f8f06504566a7ceadcb573d2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8051AF71908619DFCF129FA4C8849EFBFB8FF5A314B21415AE451B7150CB39D942CBA1
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • strncmp.MSVCR100 ref: 6B96C907
                                                                                                                                                                                                  • sprintf.MSVCR100 ref: 6B96C953
                                                                                                                                                                                                  • sprintf.MSVCR100 ref: 6B96C984
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,OGLPaints_CreateMultiGradProgram: error creating program), ref: 6B96C9A5
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: sprintf$ImplTracestrncmp
                                                                                                                                                                                                  • String ID: ATI$OGLPaints_CreateMultiGradProgram: error creating program$colors$dist = gl_TexCoord[0].s;$mask$result *= texture2D(mask, gl_TexCoord[0].st);
                                                                                                                                                                                                  • API String ID: 3811402655-2533435260
                                                                                                                                                                                                  • Opcode ID: 0d36b68fe092f510039fb7602b8241652e0c0093fb1b252543ee9a3783c85922
                                                                                                                                                                                                  • Instruction ID: 24ae64160d4b236414e86318c41edfe23285b46617904b900c50df367bf0aa67
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0d36b68fe092f510039fb7602b8241652e0c0093fb1b252543ee9a3783c85922
                                                                                                                                                                                                  • Instruction Fuzzy Hash: FC410871A08300ABE710CF64C846B9B77F8AFD9385F84841DF59497281E73DD442CBA2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DPPLM::CheckForBadHardware: found matching hardware: VendorId=0x%04x DeviceId=0x%04x,?,?), ref: 6B9387A1
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001, bad driver found, device disabled), ref: 6B9387BB
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001, update your driver to at least version %d.%d.%d.%d,FFFFFFFF,00000000,FFFFFFFF,?,00000001,00000001, bad driver found, device disabled), ref: 6B9387D9
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DPPLM::CheckForBadHardware: bad hardware found, device disabled), ref: 6B9387EC
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: _J2dTraceInit@0.AWT(?,6B924EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B97EA63
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EABA
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: vfprintf.MSVCR100 ref: 6B97EACB
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EAE5
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fflush.MSVCR100 ref: 6B97EAEF
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000002,00000001, Warning: hw/driver match overridden (via J2D_D3D_NO_HWCHECK)), ref: 6B938806
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • update your driver to at least version %d.%d.%d.%d, xrefs: 6B9387D0
                                                                                                                                                                                                  • D3DPPLM::CheckForBadHardware: bad hardware found, device disabled, xrefs: 6B9387E3
                                                                                                                                                                                                  • D3DPPLM::CheckForBadHardware: found matching hardware: VendorId=0x%04x DeviceId=0x%04x, xrefs: 6B938798
                                                                                                                                                                                                  • Warning: hw/driver match overridden (via J2D_D3D_NO_HWCHECK), xrefs: 6B9387FD
                                                                                                                                                                                                  • bad driver found, device disabled, xrefs: 6B9387B2
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Trace$Impl$fprintf$Init@0fflushvfprintf
                                                                                                                                                                                                  • String ID: Warning: hw/driver match overridden (via J2D_D3D_NO_HWCHECK)$ bad driver found, device disabled$ update your driver to at least version %d.%d.%d.%d$D3DPPLM::CheckForBadHardware: bad hardware found, device disabled$D3DPPLM::CheckForBadHardware: found matching hardware: VendorId=0x%04x DeviceId=0x%04x
                                                                                                                                                                                                  • API String ID: 1961874229-1460756124
                                                                                                                                                                                                  • Opcode ID: e2fd1a83b6312543208073d099609b12a07d78e1433ee6fd6f965afac2700126
                                                                                                                                                                                                  • Instruction ID: b5350b433ca24b84b2eb71142d24955e5ca6f50ed5bc4f1899a16aac7c629872
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e2fd1a83b6312543208073d099609b12a07d78e1433ee6fd6f965afac2700126
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1E2109716243206FEB2496258CC1F9733D9AF80B28F010676F565E61E2E7AED14583B2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,OGLContext_IsExtensionAvailable: extension string is null,00000000,?,6B96AD05,00000000,GL_ARB_fragment_shader), ref: 6B96AA68
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: _J2dTraceInit@0.AWT(?,6B924EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B97EA63
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EABA
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: vfprintf.MSVCR100 ref: 6B97EACB
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EAE5
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fflush.MSVCR100 ref: 6B97EAEF
                                                                                                                                                                                                  • strlen.MSVCR100 ref: 6B96AA79
                                                                                                                                                                                                  • strcspn.MSVCR100 ref: 6B96AA96
                                                                                                                                                                                                  • strlen.MSVCR100 ref: 6B96AA9F
                                                                                                                                                                                                  • strncmp.MSVCR100 ref: 6B96AAAE
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000003,00000001,OGLContext_IsExtensionAvailable: %s=%s,?,false,00000000,6B98D391,?,?,?,?,WGLGraphicsConfig_getWGLConfigInfo), ref: 6B96AAD7
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Trace$Implfprintfstrlen$Init@0fflushstrcspnstrncmpvfprintf
                                                                                                                                                                                                  • String ID: OGLContext_IsExtensionAvailable: %s=%s$OGLContext_IsExtensionAvailable: extension string is null$false$true
                                                                                                                                                                                                  • API String ID: 768495179-2176556697
                                                                                                                                                                                                  • Opcode ID: deb5ddfa84e6b1e99c1d4d8bd321a1019ea3e9e550e3c01bba817e7417154bb2
                                                                                                                                                                                                  • Instruction ID: 4167e7aacb0349f5d6c0eb3929b39a7bd73b8b6d93fc342850103e4731dd6c95
                                                                                                                                                                                                  • Opcode Fuzzy Hash: deb5ddfa84e6b1e99c1d4d8bd321a1019ea3e9e550e3c01bba817e7417154bb2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: FD016B329447217BE62266294C85FCBB3DDDF82399F06402AFD85A3601F32EE95542B2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _J2dTraceInit@0.AWT(?,6B924EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B97EA63
                                                                                                                                                                                                    • Part of subcall function 6B97E9C4: getenv.MSVCR100 ref: 6B97E9D4
                                                                                                                                                                                                    • Part of subcall function 6B97E9C4: sscanf.MSVCR100 ref: 6B97E9F0
                                                                                                                                                                                                    • Part of subcall function 6B97E9C4: getenv.MSVCR100 ref: 6B97EA0F
                                                                                                                                                                                                    • Part of subcall function 6B97E9C4: fopen.MSVCR100 ref: 6B97EA1E
                                                                                                                                                                                                    • Part of subcall function 6B97E9C4: printf.MSVCR100 ref: 6B97EA35
                                                                                                                                                                                                    • Part of subcall function 6B97E9C4: __iob_func.MSVCR100 ref: 6B97EA46
                                                                                                                                                                                                  • fprintf.MSVCR100 ref: 6B97EABA
                                                                                                                                                                                                  • vfprintf.MSVCR100 ref: 6B97EACB
                                                                                                                                                                                                  • fprintf.MSVCR100 ref: 6B97EAE5
                                                                                                                                                                                                  • fflush.MSVCR100 ref: 6B97EAEF
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: fprintfgetenv$Init@0Trace__iob_funcfflushfopenprintfsscanfvfprintf
                                                                                                                                                                                                  • String ID: [E] $[I] $[V] $[W] $[X]
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _GetNativePrim@8.AWT(?,?), ref: 6B9244E2
                                                                                                                                                                                                    • Part of subcall function 6B94F1F0: _JNU_ThrowInternalError@8.JAVA(?,Non-native Primitive invoked natively,?,?,6B924157,?,?), ref: 6B94F219
                                                                                                                                                                                                  • _Region_GetInfo@12.AWT(?,?,?,?,?), ref: 6B924515
                                                                                                                                                                                                  • _SurfaceData_GetOps@8.AWT(?,?,?,?,?,?,?), ref: 6B924528
                                                                                                                                                                                                  • _SurfaceData_GetOps@8.AWT(?,?,?,?,?,?,?,?,?), ref: 6B92453D
                                                                                                                                                                                                  • _SurfaceData_IntersectBounds@8.AWT(?,?,?,?,?,?,?,?,?,?,?), ref: 6B9245BF
                                                                                                                                                                                                  • _SurfaceData_IntersectBlitBounds@16.AWT(?,?,?,?), ref: 6B92461F
                                                                                                                                                                                                  • _SurfaceData_IntersectBounds@8.AWT(?,?,?,?,?,?), ref: 6B924631
                                                                                                                                                                                                  • _Region_StartIteration@8.AWT(?,?), ref: 6B9246E0
                                                                                                                                                                                                  • _Region_NextIteration@8.AWT(?,?,?,?), ref: 6B9246F2
                                                                                                                                                                                                  • _Region_NextIteration@8.AWT(?,?), ref: 6B92478E
                                                                                                                                                                                                  • _Region_EndIteration@8.AWT(?,?,?,?,?,?), ref: 6B9247A4
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Data_Region_Surface$Iteration@8$Intersect$Bounds@8NextOps@8$BlitBounds@16Error@8Info@12InternalNativePrim@8StartThrow
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _GetNativePrim@8.AWT(?,?), ref: 6B924152
                                                                                                                                                                                                    • Part of subcall function 6B94F1F0: _JNU_ThrowInternalError@8.JAVA(?,Non-native Primitive invoked natively,?,?,6B924157,?,?), ref: 6B94F219
                                                                                                                                                                                                  • _Region_GetInfo@12.AWT(?,?,?,?,?), ref: 6B924185
                                                                                                                                                                                                  • _SurfaceData_GetOps@8.AWT(?,?,?,?,?,?,?), ref: 6B924198
                                                                                                                                                                                                  • _SurfaceData_GetOps@8.AWT(?,?,?,?,?,?,?,?,?), ref: 6B9241B1
                                                                                                                                                                                                  • _SurfaceData_IntersectBounds@8.AWT(?,?,?,?,?,?,?,?,?,?,?), ref: 6B92422F
                                                                                                                                                                                                  • _SurfaceData_IntersectBlitBounds@16.AWT(?,?,?,?), ref: 6B924290
                                                                                                                                                                                                  • _SurfaceData_IntersectBounds@8.AWT(?,?,?,?,?,?), ref: 6B9242A2
                                                                                                                                                                                                  • _Region_StartIteration@8.AWT(?,?), ref: 6B924326
                                                                                                                                                                                                  • _Region_NextIteration@8.AWT(?,?,?,?), ref: 6B924338
                                                                                                                                                                                                  • _Region_NextIteration@8.AWT(?,?), ref: 6B9243D4
                                                                                                                                                                                                  • _Region_EndIteration@8.AWT(?,?,?,?,?,?), ref: 6B9243EE
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Data_Region_Surface$Iteration@8$Intersect$Bounds@8NextOps@8$BlitBounds@16Error@8Info@12InternalNativePrim@8StartThrow
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9B2CE0
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • getJavaIDFromLangID.JAVA(00000000), ref: 6B9B2D1B
                                                                                                                                                                                                  • strcmp.MSVCR100 ref: 6B9B2D29
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B9B2D42
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B9B2D4E
                                                                                                                                                                                                  • getJavaIDFromLangID.JAVA(00000000), ref: 6B9B2DD8
                                                                                                                                                                                                  • strcmp.MSVCR100 ref: 6B9B2DE9
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B9B2E1D
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B9B2E37
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B9B2E49
                                                                                                                                                                                                  • _CxxThrowException.MSVCR100(?,6B9F9388), ref: 6B9B2E6D
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: free$ExceptionFromJavaLangThrowstrcmp$CreateCurrentEnv@8EventH_prolog3_catchObjectSingleThreadWait
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • calloc.MSVCR100 ref: 6B9B0AAB
                                                                                                                                                                                                  • _JNU_ThrowOutOfMemoryError@8.JAVA(?,Out of memory), ref: 6B9B0AC0
                                                                                                                                                                                                    • Part of subcall function 6B9D03B0: free.MSVCR100 ref: 6B9D03C7
                                                                                                                                                                                                    • Part of subcall function 6B9D03B0: free.MSVCR100 ref: 6B9D03D4
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: free$Error@8MemoryThrowcalloc
                                                                                                                                                                                                  • String ID: Out of memory
                                                                                                                                                                                                  • API String ID: 2512986758-696950042
                                                                                                                                                                                                  • Opcode ID: 9086a6f35a3820cf0eeca8c2681221adcf30530ef7a91335213aeb8d54266a0e
                                                                                                                                                                                                  • Instruction ID: e2fcaabdec465c8d8b16ee4700715ec6424fe02f517d83874822a865c885bfd1
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9086a6f35a3820cf0eeca8c2681221adcf30530ef7a91335213aeb8d54266a0e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 20F18A71608305AFD710CF28C981F5BB7E9BB98708F148A1CF98997241D779E945CBA2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch_GS.LIBCMT ref: 6B9AA7D8
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002,00000050), ref: 6B9AA7F1
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData), ref: 6B9AA846
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Env@8Exception@8H_prolog3_catch_NullPointerThrow
                                                                                                                                                                                                  • String ID: null pData$sun/awt/EmbeddedFrame$sun/awt/LightweightFrame$sun/awt/im/InputMethodWindow$target
                                                                                                                                                                                                  • API String ID: 3315183838-4176993869
                                                                                                                                                                                                  • Opcode ID: 36af77a7b42948c3f93bb6241377e5036b8892d8eb4a42ae5ce25a0d95162b5d
                                                                                                                                                                                                  • Instruction ID: d257803e61dabc3820afc7eb18c14b969a162b8b490dbbe4dc945fd2993cc121
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 36af77a7b42948c3f93bb6241377e5036b8892d8eb4a42ae5ce25a0d95162b5d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4DF12675905208EFEB428FA4C848EEEBBBAFF09304F108059F954A6251D739D952DF61
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B98E2E1
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • _control87.MSVCR100 ref: 6B98E314
                                                                                                                                                                                                  • _control87.MSVCR100 ref: 6B98E330
                                                                                                                                                                                                  • _control87.MSVCR100 ref: 6B98E33E
                                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 6B98E393
                                                                                                                                                                                                  • _control87.MSVCR100 ref: 6B98E3D6
                                                                                                                                                                                                  • _control87.MSVCR100 ref: 6B98E3E4
                                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 6B98E488
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _control87$FreeGlobal$CreateCurrentEnv@8EventExceptionH_prolog3_catchObjectSingleThreadThrowWait
                                                                                                                                                                                                  • String ID: WINSPOOL
                                                                                                                                                                                                  • API String ID: 158622547-435376181
                                                                                                                                                                                                  • Opcode ID: c6fd89e282fd4d5cabb1354a0ccbe9955d07ad1af8286df6952592698a8bb92b
                                                                                                                                                                                                  • Instruction ID: 1d50cadff891dac4bf1f599b0ee4e51bdb8e42afd0c953ed6e3fd3a12a3c80cf
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c6fd89e282fd4d5cabb1354a0ccbe9955d07ad1af8286df6952592698a8bb92b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C0515871D0421AEFDF009FA0DD899AEBFB4FF08355F108466FA14A6260D7398961DFA1
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B99C47E
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00002042,00000000), ref: 6B99C4AC
                                                                                                                                                                                                  • _CxxThrowException.MSVCR100(?,6B9F9388), ref: 6B99C4CE
                                                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 6B99C4D8
                                                                                                                                                                                                  • wcslen.MSVCR100 ref: 6B99C5C0
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionGlobalThrow$AllocCreateCurrentEnv@8EventH_prolog3_catchLockObjectSingleThreadWaitwcslen
                                                                                                                                                                                                  • String ID: java/lang/String
                                                                                                                                                                                                  • API String ID: 1300967025-1252039224
                                                                                                                                                                                                  • Opcode ID: 52e8f762c316d57bdd99eb05d7bda1a5cfcca1aef255abc89fba5e66b95fb3fc
                                                                                                                                                                                                  • Instruction ID: b112ba5a61f44a94df6dfd661d1afe2e43d539d02e05b686530dbf9b9d23780f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 52e8f762c316d57bdd99eb05d7bda1a5cfcca1aef255abc89fba5e66b95fb3fc
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A451BE75908249AFDB01EFA4DC88DEF7B79EF89304F144869F811A2241C739C91ACF21
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • Error:%08x in E_INVALIDARG, xrefs: 6B9A4F1D
                                                                                                                                                                                                  • Error:%08x in spSrc->Stat(&si, STATFLAG_NONAME ), xrefs: 6B9A4F82
                                                                                                                                                                                                  • Error:%08x in spSrc->CopyTo(spDst, si.cbSize, NULL, NULL), xrefs: 6B9A4FAE
                                                                                                                                                                                                  • Error:%08x in SHCreateStreamOnFile( pFileName, STGM_WRITE | STGM_CREATE, &spDst ), xrefs: 6B9A4F42
                                                                                                                                                                                                  • Error:%08x in CreateStreamOnHGlobal( stgmedium.hGlobal, FALSE, &spSrc ), xrefs: 6B9A4EF5
                                                                                                                                                                                                  • Error:%08x in ExtractNativeData(CF_FILECONTENTS, lIndex, &stgmedium), xrefs: 6B9A4EBD
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: H_prolog3_catch__com_raise_errormemset
                                                                                                                                                                                                  • String ID: Error:%08x in CreateStreamOnHGlobal( stgmedium.hGlobal, FALSE, &spSrc )$Error:%08x in E_INVALIDARG$Error:%08x in ExtractNativeData(CF_FILECONTENTS, lIndex, &stgmedium)$Error:%08x in SHCreateStreamOnFile( pFileName, STGM_WRITE | STGM_CREATE, &spDst )$Error:%08x in spSrc->CopyTo(spDst, si.cbSize, NULL, NULL)$Error:%08x in spSrc->Stat(&si, STATFLAG_NONAME )
                                                                                                                                                                                                  • API String ID: 2483397267-3596637406
                                                                                                                                                                                                  • Opcode ID: 3d5e58938051d24d053c26759946034e5dfe9179c6ffbe86c098ce89fafe9b75
                                                                                                                                                                                                  • Instruction ID: 6f02ec12e3f54c27c9fa0dd8b6abebc9c13b993143f43a61ee0dd02c72d86cbc
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3d5e58938051d24d053c26759946034e5dfe9179c6ffbe86c098ce89fafe9b75
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F6416971C05258EFCB10DFE48C88A9EBBB9AB45318F204569F505AB240CB39DD46CFA1
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,?,?,?,6B9C6A41,00000001,C7CC4567,?,?,?,?,?,6B9D8140,000000FF), ref: 6B9C3B8E
                                                                                                                                                                                                  • _CxxThrowException.MSVCR100(?,6B9F9388), ref: 6B9C3BC6
                                                                                                                                                                                                  • _CxxThrowException.MSVCR100(?,6B9F9388), ref: 6B9C3BFB
                                                                                                                                                                                                  • _CxxThrowException.MSVCR100(?,6B9F9388), ref: 6B9C3C2F
                                                                                                                                                                                                  • _CxxThrowException.MSVCR100(?,6B9F9388), ref: 6B9C3C69
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionThrow$Env@8
                                                                                                                                                                                                  • String ID: ()V$notifyToolkitThreadBusy$notifyToolkitThreadFree$sun/awt/AWTAutoShutdown
                                                                                                                                                                                                  • API String ID: 3627391958-482568847
                                                                                                                                                                                                  • Opcode ID: 10430d1677e42d836a63449017660705865cad2fbc69ababae622d7b847da16a
                                                                                                                                                                                                  • Instruction ID: 1289436e745a03f3b9c2b0ef30336797552864e6f0d42315f0dfa44367184f49
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 10430d1677e42d836a63449017660705865cad2fbc69ababae622d7b847da16a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 19318E3120D600ABC755CF68CD81E9B7BA9AFEA304790845CF95487242E739D907CBA2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9B8308
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CreateCurrentEnv@8EventExceptionH_prolog3_catchObjectSingleThreadThrowWait
                                                                                                                                                                                                  • String ID: (Ljava/lang/Object;)Lsun/awt/windows/WObjectPeer;$Ljava/lang/Error;$Ljava/lang/Object;$createError$destroyed$getPeerForTarget$pData$target
                                                                                                                                                                                                  • API String ID: 2376344244-897352690
                                                                                                                                                                                                  • Opcode ID: 5dc2b2e9094c2bf915dba0cf67e813c5dd320a476f92e629485ebe8253bb93c0
                                                                                                                                                                                                  • Instruction ID: 42ed70acf86fa4bc939b28ee05a9bcb63d3197531de2f23ebb33e56797c70ce8
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5dc2b2e9094c2bf915dba0cf67e813c5dd320a476f92e629485ebe8253bb93c0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B8115B34204742ABEB50DF2A888DF9B7BF8AF86315B1484A9B88497301CB3CD442CF35
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B99E073
                                                                                                                                                                                                    • Part of subcall function 6B99DA79: wcscmp.MSVCR100 ref: 6B99DB11
                                                                                                                                                                                                    • Part of subcall function 6B99DA79: _JNU_GetEnv@8.JAVA(00010002), ref: 6B99DB33
                                                                                                                                                                                                    • Part of subcall function 6B99DA79: wcslen.MSVCR100 ref: 6B99DB3F
                                                                                                                                                                                                    • Part of subcall function 6B99DA79: free.MSVCR100 ref: 6B99DB56
                                                                                                                                                                                                    • Part of subcall function 6B99DA79: ??3@YAXPAX@Z.MSVCR100(?), ref: 6B99DBA8
                                                                                                                                                                                                    • Part of subcall function 6B99DA79: _CxxThrowException.MSVCR100(?,?), ref: 6B99DBC4
                                                                                                                                                                                                    • Part of subcall function 6B99DA79: wcslen.MSVCR100 ref: 6B99DB67
                                                                                                                                                                                                    • Part of subcall function 6B99DA79: _JNU_GetEnv@8.JAVA(00010002), ref: 6B99DBF7
                                                                                                                                                                                                    • Part of subcall function 6B99DA79: wcslen.MSVCR100 ref: 6B99DC01
                                                                                                                                                                                                    • Part of subcall function 6B99DA79: _JNU_GetEnv@8.JAVA(00010002), ref: 6B99DC1E
                                                                                                                                                                                                    • Part of subcall function 6B99DA79: _JNU_GetEnv@8.JAVA(00010002), ref: 6B99DC56
                                                                                                                                                                                                    • Part of subcall function 6B99DA79: _JNU_GetEnv@8.JAVA(00010002), ref: 6B99DC69
                                                                                                                                                                                                    • Part of subcall function 6B99DA79: ??3@YAXPAX@Z.MSVCR100(?), ref: 6B99DC78
                                                                                                                                                                                                    • Part of subcall function 6B99DA79: _JNU_GetEnv@8.JAVA(00010002), ref: 6B99DB81
                                                                                                                                                                                                    • Part of subcall function 6B99DA79: wcslen.MSVCR100 ref: 6B99DB8B
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125584471.000000006B920000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125692771.000000006B9D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125730889.000000006BA14000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125756269.000000006BA16000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125781488.000000006BA17000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125806593.000000006BA18000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125831151.000000006BA19000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1A000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1D000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125903563.000000006BA40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Env@8$wcslen$??3@$ExceptionH_prolog3_catchThrowfreewcscmp
                                                                                                                                                                                                  • String ID: DISPLAY$win.ansiFixed.font$win.ansiVar.font$win.defaultGUI.font$win.deviceDefault.font$win.oemFixed.font$win.system.font$win.systemFixed.font
                                                                                                                                                                                                  • API String ID: 912931181-1074128842
                                                                                                                                                                                                  • Opcode ID: 0fffd78231a0de6b449bc6c85608f7e926b072be9891407dd032e96558ef4bc0
                                                                                                                                                                                                  • Instruction ID: b6fc44c2834d5f1ce027d1fb9ef8ff193f790b63249cae30b76cd5694e658bea
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0fffd78231a0de6b449bc6c85608f7e926b072be9891407dd032e96558ef4bc0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 97018FA4B8621436E698BEB51CC7F7E168E5FE971CF8A400AB101763C1CA9CCC1203B1
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: getenv$__iob_funcfopenprintfsscanf
                                                                                                                                                                                                  • String ID: J2D_TRACE_FILE$J2D_TRACE_LEVEL$[E]: Error opening trace file %s
                                                                                                                                                                                                  • API String ID: 3900815957-32029167
                                                                                                                                                                                                  • Opcode ID: e5d6f397811ed211f76eed6e1d86fe82c3b3aaa6a059777c2e57b354ce10e4b2
                                                                                                                                                                                                  • Instruction ID: 779e0672e0222a0f9f3755b01d7e387a06ff4933d85fe77cd55f19ef1d3b3c5f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e5d6f397811ed211f76eed6e1d86fe82c3b3aaa6a059777c2e57b354ce10e4b2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F801B53182CA21FFEB58AB65985D78577ECEF87261B204176E801D2181F734E942D671
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetStaticFieldByName@20.JAVA(?,00000000,sun/java2d/opengl/OGLSurfaceData,isLCDShaderEnabled,6B9D9480), ref: 6B96AC60
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000003,00000001,OGLContext_IsLCDShaderSupportAvailable: disabled via flag,?,00000000,sun/java2d/opengl/OGLSurfaceData,isLCDShaderEnabled,6B9D9480), ref: 6B96AC76
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: _J2dTraceInit@0.AWT(?,6B924EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B97EA63
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EABA
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: vfprintf.MSVCR100 ref: 6B97EACB
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EAE5
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fflush.MSVCR100 ref: 6B97EAEF
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000003,00000001,OGLContext_IsLCDShaderSupportAvailable: not enough tex units (%d),00000000), ref: 6B96ACA7
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000003,00000001,OGLContext_IsLCDShaderSupportAvailable: LCD text shader supported), ref: 6B96ACB8
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • OGLContext_IsLCDShaderSupportAvailable: LCD text shader supported, xrefs: 6B96ACAF
                                                                                                                                                                                                  • OGLContext_IsLCDShaderSupportAvailable: not enough tex units (%d), xrefs: 6B96AC9E
                                                                                                                                                                                                  • isLCDShaderEnabled, xrefs: 6B96AC53
                                                                                                                                                                                                  • sun/java2d/opengl/OGLSurfaceData, xrefs: 6B96AC58
                                                                                                                                                                                                  • OGLContext_IsLCDShaderSupportAvailable: disabled via flag, xrefs: 6B96AC6D
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Trace$Impl$fprintf$FieldInit@0Name@20Staticfflushvfprintf
                                                                                                                                                                                                  • String ID: OGLContext_IsLCDShaderSupportAvailable: LCD text shader supported$OGLContext_IsLCDShaderSupportAvailable: disabled via flag$OGLContext_IsLCDShaderSupportAvailable: not enough tex units (%d)$isLCDShaderEnabled$sun/java2d/opengl/OGLSurfaceData
                                                                                                                                                                                                  • API String ID: 3136869086-3733076949
                                                                                                                                                                                                  • Opcode ID: 9269a94b9662ead2ed95105491a473a97b52308d176dcbda00dd028840a619db
                                                                                                                                                                                                  • Instruction ID: e9eb806b80e693d1a6d476939b4f7cbbf90cdf7986eb25626b0b440ac2418e8c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9269a94b9662ead2ed95105491a473a97b52308d176dcbda00dd028840a619db
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B9F0F6719443017BFA126A605C43F9933A86FE074CF408418F544752D1F3AED20A8333
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,private data), ref: 6B9785F9
                                                                                                                                                                                                  • _JNU_ThrowInternalError@8.JAVA(?,bad path delivery sequence), ref: 6B978612
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Throw$Error@8Exception@8InternalNullPointer
                                                                                                                                                                                                  • String ID: bad path delivery sequence$path segment data$private data
                                                                                                                                                                                                  • API String ID: 1693744675-460574378
                                                                                                                                                                                                  • Opcode ID: a99418752aaf4ba4c8dae942fed25c2ad2e776008f2a695e14bd8f41a868b401
                                                                                                                                                                                                  • Instruction ID: 1a5f1d9223174a4b0459a99f3f087aef110220437ba6e282c0d6c4f0580bfd9b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a99418752aaf4ba4c8dae942fed25c2ad2e776008f2a695e14bd8f41a868b401
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 02911571618701EFC326AF16D58839BBFF0BF82780F524D88E1D2225A9D335D8758E86
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,private data), ref: 6B9783A9
                                                                                                                                                                                                  • _JNU_ThrowInternalError@8.JAVA(?,bad path delivery sequence), ref: 6B9783C2
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125584471.000000006B920000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125692771.000000006B9D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125730889.000000006BA14000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125756269.000000006BA16000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125781488.000000006BA17000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125806593.000000006BA18000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125831151.000000006BA19000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1A000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1D000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125903563.000000006BA40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Throw$Error@8Exception@8InternalNullPointer
                                                                                                                                                                                                  • String ID: bad path delivery sequence$path segment data$private data
                                                                                                                                                                                                  • API String ID: 1693744675-460574378
                                                                                                                                                                                                  • Opcode ID: 755952d71bd45a26a7cc9c108830e932741f35e3b3c96ad444aa623930b61a3f
                                                                                                                                                                                                  • Instruction ID: 0628da707bbb01153ab6a98fcd9b0da82ccf6aea1431dab936dfef0e900e403d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 755952d71bd45a26a7cc9c108830e932741f35e3b3c96ad444aa623930b61a3f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8B716B71A08701EFC326AE16D58829BBFF0FF81780F524D88E1C6615A9E335D4768F96
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT ref: 6B936DEF
                                                                                                                                                                                                  • ?GetAdapterOrdinalForScreen@D3DPipelineManager@@QAEIJ@Z.AWT(?), ref: 6B936E07
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(00000000,?,?), ref: 6B936E16
                                                                                                                                                                                                  • ?ConfigureContext@D3DContext@@QAEJPAU_D3DPRESENT_PARAMETERS_@@@Z.AWT(?), ref: 6B936E98
                                                                                                                                                                                                    • Part of subcall function 6B939CF0: ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,6B936C78,00000000,00000000,6B938ECD,00000000,00000000,00000000,00000000,00000000,?,6B936C78,00000000,00000000), ref: 6B939D21
                                                                                                                                                                                                    • Part of subcall function 6B939CF0: ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,6B936C78,00000000,00000000,6B938ECD,00000000,00000000,00000000,00000000,00000000,?,6B936C78,00000000,00000000), ref: 6B939D28
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • D3DGD_configDisplayModeNative: no 16-bit formats, xrefs: 6B936F78
                                                                                                                                                                                                  • D3DGD_configDisplayModeNative: unsupported depth: %d, xrefs: 6B936FAC
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125584471.000000006B920000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125692771.000000006B9D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125730889.000000006BA14000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125756269.000000006BA16000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125781488.000000006BA17000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125806593.000000006BA18000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125831151.000000006BA19000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1A000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1D000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125903563.000000006BA40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Manager@@Pipeline$Context@$Context@@@Instance@$AdapterConfigureContext@@OrdinalS_@@@Screen@
                                                                                                                                                                                                  • String ID: D3DGD_configDisplayModeNative: no 16-bit formats$D3DGD_configDisplayModeNative: unsupported depth: %d
                                                                                                                                                                                                  • API String ID: 1996268019-1250672074
                                                                                                                                                                                                  • Opcode ID: 874edad4eecee8aba813a1dd43a64101132b04a79b8e7d05c6fc4a520fbb4bba
                                                                                                                                                                                                  • Instruction ID: f54887f2c958eff873b200c63d4f4a1c73d48d3302ccf822b846dc1d723cf7d0
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 874edad4eecee8aba813a1dd43a64101132b04a79b8e7d05c6fc4a520fbb4bba
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A251D332A087109FD324DF65C881A6FB7E9EFD5704F50491DF69587240DB3AD805CBA2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9CCA01
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null target), ref: 6B9CCBB7
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B9CCBC6
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125584471.000000006B920000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125692771.000000006B9D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125730889.000000006BA14000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125756269.000000006BA16000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125781488.000000006BA17000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125806593.000000006BA18000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125831151.000000006BA19000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1A000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1D000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125903563.000000006BA40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ??3@Env@8Exception@8NullPointerThrow
                                                                                                                                                                                                  • String ID: null pData$null target$peer
                                                                                                                                                                                                  • API String ID: 2303478036-3834951249
                                                                                                                                                                                                  • Opcode ID: 6dd9ecafcce7c0f8fd50cf63287567311a0e8817ffea51a685379dc2ec0ddb6e
                                                                                                                                                                                                  • Instruction ID: d0cde5291f18a84783c7bad6c32b9ad6221d7b8f484009567354ef74fea89377
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6dd9ecafcce7c0f8fd50cf63287567311a0e8817ffea51a685379dc2ec0ddb6e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A4512835A04204EFDB01DFA4C949EAEBFB5FF09300B1080A9F9449B251D735D981DFA2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?D3DBlitLoops_IsoBlit@@YAJPAUJNIEnv_@@PAVD3DContext@@_J2EJEEJJJJNNNN@Z.AWT(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6B93A4FC
                                                                                                                                                                                                    • Part of subcall function 6B932D20: _SurfaceData_IntersectBoundsXYXY@20.AWT(?,00000000,00000000,?,?), ref: 6B932E02
                                                                                                                                                                                                    • Part of subcall function 6B939CF0: ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,6B936C78,00000000,00000000,6B938ECD,00000000,00000000,00000000,00000000,00000000,?,6B936C78,00000000,00000000), ref: 6B939D21
                                                                                                                                                                                                    • Part of subcall function 6B939CF0: ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,6B936C78,00000000,00000000,6B938ECD,00000000,00000000,00000000,00000000,00000000,?,6B936C78,00000000,00000000), ref: 6B939D28
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC6C
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC73
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6BDC5A58,00010002), ref: 6B93ACC2
                                                                                                                                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B93ACD6
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B93AD08
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125584471.000000006B920000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125692771.000000006B9D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125730889.000000006BA14000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125756269.000000006BA16000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125781488.000000006BA17000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125806593.000000006BA18000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125831151.000000006BA19000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1A000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1D000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125903563.000000006BA40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Manager@@Pipeline$Context@Context@@Context@@@Instance@$BlitBlit@@BoundsCallContext@@_Data_Env_@@IntersectLoops_MethodNameScene@SurfaceSync@Y@20
                                                                                                                                                                                                  • String ID: ()V$run
                                                                                                                                                                                                  • API String ID: 2645881695-1990820779
                                                                                                                                                                                                  • Opcode ID: 6a00785a259dae50e5dfafe3daac881acf59b61b3aafa9c504f6e26408942075
                                                                                                                                                                                                  • Instruction ID: 53df8507a9e09bcf37210419eed4c7fe0aa773758cbe653937296e3a157dd982
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6a00785a259dae50e5dfafe3daac881acf59b61b3aafa9c504f6e26408942075
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 85516CB56087109FDB64CB69C881A6BB3F9AFD9204F54891CF98983351D739EC06CB62
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,private data), ref: 6B978039
                                                                                                                                                                                                  • _JNU_ThrowInternalError@8.JAVA(?,bad path delivery sequence), ref: 6B978052
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Throw$Error@8Exception@8InternalNullPointer
                                                                                                                                                                                                  • String ID: bad path delivery sequence$path segment data$private data
                                                                                                                                                                                                  • API String ID: 1693744675-460574378
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9927AC
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B9927D7
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null items,?,00010002), ref: 6B992831
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B992920
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow$??3@Env@8
                                                                                                                                                                                                  • String ID: null items$null pData$peer
                                                                                                                                                                                                  • API String ID: 3243432782-2031890214
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,private data), ref: 6B978209
                                                                                                                                                                                                  • _JNU_ThrowInternalError@8.JAVA(?,bad path delivery sequence), ref: 6B978222
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Throw$Error@8Exception@8InternalNullPointer
                                                                                                                                                                                                  • String ID: bad path delivery sequence$path segment data$private data
                                                                                                                                                                                                  • API String ID: 1693744675-460574378
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000002,00000001,OGLContext_CreateFragmentProgram: linker msg (%d):%s,00000001,?), ref: 6B96B0B8
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000002,00000001,OGLContext_CreateFragmentProgram: compiler msg (%d):%s,00000001,?), ref: 6B96B00B
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: _J2dTraceInit@0.AWT(?,6B924EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B97EA63
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EABA
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: vfprintf.MSVCR100 ref: 6B97EACB
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EAE5
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fflush.MSVCR100 ref: 6B97EAEF
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,OGLContext_CreateFragmentProgram: error compiling shader), ref: 6B96B023
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,OGLContext_CreateFragmentProgram: error linking shader), ref: 6B96B0D0
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • OGLContext_CreateFragmentProgram: compiler msg (%d):%s, xrefs: 6B96B002
                                                                                                                                                                                                  • OGLContext_CreateFragmentProgram: error compiling shader, xrefs: 6B96B01A
                                                                                                                                                                                                  • OGLContext_CreateFragmentProgram: linker msg (%d):%s, xrefs: 6B96B0AF
                                                                                                                                                                                                  • OGLContext_CreateFragmentProgram: error linking shader, xrefs: 6B96B0C7
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Trace$Impl$fprintf$Init@0fflushvfprintf
                                                                                                                                                                                                  • String ID: OGLContext_CreateFragmentProgram: compiler msg (%d):%s$OGLContext_CreateFragmentProgram: error compiling shader$OGLContext_CreateFragmentProgram: error linking shader$OGLContext_CreateFragmentProgram: linker msg (%d):%s
                                                                                                                                                                                                  • API String ID: 1961874229-1394464611
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9A6FC6
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,Can't access widths.), ref: 6B9A6FE7
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Throw$CreateCurrentEnv@8EventExceptionException@8H_prolog3_catchNullObjectPointerSingleThreadWait
                                                                                                                                                                                                  • String ID: Can't access str bytes.$Can't access widths array.$Can't access widths.$bytes argument$off or len argument
                                                                                                                                                                                                  • API String ID: 608574450-1927489194
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?SetTransform@D3DContext@@QAEJNNNNNN@Z.AWT ref: 6B93A74A
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC6C
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC73
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6BDC5A58,00010002), ref: 6B93ACC2
                                                                                                                                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B93ACD6
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B93AD08
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6BDC5A58,00010002), ref: 6B93AD21
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Context@@$Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@TraceTransform@
                                                                                                                                                                                                  • String ID: ()V$run
                                                                                                                                                                                                  • API String ID: 210851641-1990820779
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 6B9BAEDB
                                                                                                                                                                                                  • wcscmp.MSVCR100 ref: 6B9BAF10
                                                                                                                                                                                                    • Part of subcall function 6B9BAE16: GlobalAlloc.KERNEL32(00000040,?,?,00000002,00000000,00000000,?,00000000,?,?,00000000,?,?,?,FILE:,6B9BAF1E), ref: 6B9BAE46
                                                                                                                                                                                                  • wcscmp.MSVCR100 ref: 6B9BAF24
                                                                                                                                                                                                  • wcslen.MSVCR100 ref: 6B9BAF32
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B9BAF7B
                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(?), ref: 6B9BAF88
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Global$wcscmp$AllocLockUnlockfreewcslen
                                                                                                                                                                                                  • String ID: FILE:$WINSPOOL
                                                                                                                                                                                                  • API String ID: 1126228227-481517341
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?SetAlphaComposite@D3DContext@@QAEJJMJ@Z.AWT(?,?,?), ref: 6B93A6F8
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC6C
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC73
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6BDC5A58,00010002), ref: 6B93ACC2
                                                                                                                                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B93ACD6
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B93AD08
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6BDC5A58,00010002), ref: 6B93AD21
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Context@@$Manager@@Pipeline$AlphaCallComposite@Context@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                                                                                                                                                                                  • String ID: ()V$run
                                                                                                                                                                                                  • API String ID: 2729257672-1990820779
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?SetRectClip@D3DContext@@QAEJHHHH@Z.AWT(?,?,?,?), ref: 6B93A697
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC6C
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC73
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6BDC5A58,00010002), ref: 6B93ACC2
                                                                                                                                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B93ACD6
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B93AD08
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6BDC5A58,00010002), ref: 6B93AD21
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Context@@$Manager@@Pipeline$CallClip@Context@Context@@@ImplInstance@MethodNameRectScene@Sync@Trace
                                                                                                                                                                                                  • String ID: ()V$run
                                                                                                                                                                                                  • API String ID: 2935904073-1990820779
                                                                                                                                                                                                  • Opcode ID: edcad9b5794c997000abd1ad811f4d826d8add115e648a0c35aa8279f6817fc8
                                                                                                                                                                                                  • Instruction ID: 2f8dad4654e209e08a799af89e4135be693fd31994c903dd9a6c3903530541d3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: edcad9b5794c997000abd1ad811f4d826d8add115e648a0c35aa8279f6817fc8
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8C219C756043209FDE58CB35C8C1B2F73A9AFD5218F59855CE85987321DB39EC02CBA1
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,OGLContext_SetSurfaces: texture cannot be used as destination), ref: 6B96A3AB
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: _J2dTraceInit@0.AWT(?,6B924EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B97EA63
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EABA
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: vfprintf.MSVCR100 ref: 6B97EACB
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EAE5
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fflush.MSVCR100 ref: 6B97EAEF
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,OGLContext_SetSurfaces: could not init OGL window), ref: 6B96A3D8
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,OGLContext_SetSurfaces: ops are null), ref: 6B96A43B
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • OGLContext_SetSurfaces: ops are null, xrefs: 6B96A432
                                                                                                                                                                                                  • OGLContext_SetSurfaces: could not make context current, xrefs: 6B96A3F7
                                                                                                                                                                                                  • OGLContext_SetSurfaces: texture cannot be used as destination, xrefs: 6B96A3A2
                                                                                                                                                                                                  • OGLContext_SetSurfaces: could not init OGL window, xrefs: 6B96A3CF
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Trace$Impl$fprintf$Init@0fflushvfprintf
                                                                                                                                                                                                  • String ID: OGLContext_SetSurfaces: could not init OGL window$OGLContext_SetSurfaces: could not make context current$OGLContext_SetSurfaces: ops are null$OGLContext_SetSurfaces: texture cannot be used as destination
                                                                                                                                                                                                  • API String ID: 1961874229-3679325416
                                                                                                                                                                                                  • Opcode ID: 2bce57501785237bb1f8f320e79a1919dd2793f5ba33e64277c81d6e13106fbc
                                                                                                                                                                                                  • Instruction ID: 47a1fb195bf88ad3fddf954b5c00c14230565f5ac6c5536e86ad7fb4675757bd
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2bce57501785237bb1f8f320e79a1919dd2793f5ba33e64277c81d6e13106fbc
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 46110462B4432027F71155792CC2FCB3399AFE17A9F0504A9F548A6181F38AC05552F2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DPPLM::CheckForBadHardware: found matching hardware: VendorId=0x%04x DeviceId=0x%04x,?,?), ref: 6B9387A1
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001, bad driver found, device disabled), ref: 6B9387BB
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001, update your driver to at least version %d.%d.%d.%d,FFFFFFFF,00000000,FFFFFFFF,?,00000001,00000001, bad driver found, device disabled), ref: 6B9387D9
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000002,00000001, Warning: hw/driver match overridden (via J2D_D3D_NO_HWCHECK)), ref: 6B938806
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • update your driver to at least version %d.%d.%d.%d, xrefs: 6B9387D0
                                                                                                                                                                                                  • D3DPPLM::CheckForBadHardware: found matching hardware: VendorId=0x%04x DeviceId=0x%04x, xrefs: 6B938798
                                                                                                                                                                                                  • Warning: hw/driver match overridden (via J2D_D3D_NO_HWCHECK), xrefs: 6B9387FD
                                                                                                                                                                                                  • bad driver found, device disabled, xrefs: 6B9387B2
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ImplTrace
                                                                                                                                                                                                  • String ID: Warning: hw/driver match overridden (via J2D_D3D_NO_HWCHECK)$ bad driver found, device disabled$ update your driver to at least version %d.%d.%d.%d$D3DPPLM::CheckForBadHardware: found matching hardware: VendorId=0x%04x DeviceId=0x%04x
                                                                                                                                                                                                  • API String ID: 2049967658-289879705
                                                                                                                                                                                                  • Opcode ID: dc98628983f72cbfc59c7dceda385bbcb13b6b9423fd051e70ee6f02bf37aeb4
                                                                                                                                                                                                  • Instruction ID: 754c54f5e207a115a9314264c928ee603f251ef5fa674f0b6bf9d1436265ab76
                                                                                                                                                                                                  • Opcode Fuzzy Hash: dc98628983f72cbfc59c7dceda385bbcb13b6b9423fd051e70ee6f02bf37aeb4
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7C210A716143206FEB289A258CC1BA633A9BF8072CF010665F575D61E3E77EE151C362
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?HandleLostDevices@D3DPipelineManager@@QAEJXZ.AWT ref: 6B93A8D4
                                                                                                                                                                                                    • Part of subcall function 6B939140: memset.MSVCR100 ref: 6B93917C
                                                                                                                                                                                                    • Part of subcall function 6B939140: GetTickCount.KERNEL32 ref: 6B9391A4
                                                                                                                                                                                                    • Part of subcall function 6B939140: Sleep.KERNEL32(00000064), ref: 6B9391BB
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC6C
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC73
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6BDC5A58,00010002), ref: 6B93ACC2
                                                                                                                                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B93ACD6
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B93AD08
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6BDC5A58,00010002), ref: 6B93AD21
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Manager@@Pipeline$Context@@$CallContext@Context@@@CountDevices@HandleImplInstance@LostMethodNameScene@SleepSync@TickTracememset
                                                                                                                                                                                                  • String ID: ()V$run
                                                                                                                                                                                                  • API String ID: 248119441-1990820779
                                                                                                                                                                                                  • Opcode ID: 26ddc44c47eb8341cc2a93f0f2eef79db42513dbf4661a8e5bf8e76c2036419a
                                                                                                                                                                                                  • Instruction ID: 85995ca9e6bdb61701b379d6c71950aeedc88f99ee007e4e5c30df58774a1a38
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 26ddc44c47eb8341cc2a93f0f2eef79db42513dbf4661a8e5bf8e76c2036419a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A321F2352042218FDF48CB35C8C2B2F33BAAFC5218F598558D80A8B361DB39DC02C761
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT ref: 6B93A8A9
                                                                                                                                                                                                    • Part of subcall function 6B934FB0: ?Render@D3DVertexCacher@@QAEJH@Z.AWT(00000000), ref: 6B934FC5
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC6C
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC73
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6BDC5A58,00010002), ref: 6B93ACC2
                                                                                                                                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B93ACD6
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B93AD08
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Context@@$Manager@@PipelineScene@$Cacher@@CallContext@Context@@@Instance@MethodNameRender@Sync@Vertex
                                                                                                                                                                                                  • String ID: ()V$run
                                                                                                                                                                                                  • API String ID: 3165823349-1990820779
                                                                                                                                                                                                  • Opcode ID: 1641cbc15e2b595654b173a1d7b9a4f94136a001ee87bbcbb34a04d1bebf80f2
                                                                                                                                                                                                  • Instruction ID: 1e25eccb44c13af0eb441163db9010d35a54d7e97e3a1d26b616362127282265
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1641cbc15e2b595654b173a1d7b9a4f94136a001ee87bbcbb34a04d1bebf80f2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1021B0756082214FDF48CB35C8C2B2E33A9AF95218F598558E8098B361DB39DC02CB61
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?RestoreState@D3DContext@@QAEJXZ.AWT ref: 6B93A906
                                                                                                                                                                                                    • Part of subcall function 6B9363B0: ?Render@D3DVertexCacher@@QAEJH@Z.AWT(00000000), ref: 6B9363BE
                                                                                                                                                                                                    • Part of subcall function 6B9363B0: ?UpdateState@D3DContext@@QAEJC@Z.AWT(00000000), ref: 6B9363C7
                                                                                                                                                                                                    • Part of subcall function 6B9363B0: memset.MSVCR100 ref: 6B936404
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC6C
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC73
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6BDC5A58,00010002), ref: 6B93ACC2
                                                                                                                                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B93ACD6
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B93AD08
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6BDC5A58,00010002), ref: 6B93AD21
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Context@@$Manager@@PipelineState@$Cacher@@CallContext@Context@@@ImplInstance@MethodNameRender@RestoreScene@Sync@TraceUpdateVertexmemset
                                                                                                                                                                                                  • String ID: ()V$run
                                                                                                                                                                                                  • API String ID: 307790130-1990820779
                                                                                                                                                                                                  • Opcode ID: f97d552c2e9a73b6d8b6036a0edaa1623ad653e794052cd89b85ee241eba3e53
                                                                                                                                                                                                  • Instruction ID: e36742caff4f96fc8cf39fce4ce195bbdad4120dde776e663c9ef86d37207119
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f97d552c2e9a73b6d8b6036a0edaa1623ad653e794052cd89b85ee241eba3e53
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E821F3352042214FDE48CB35C8C1B7E33E9AFD5218F598558D80A97361DB3DDC02C762
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?SaveState@D3DContext@@QAEJXZ.AWT ref: 6B93A8F4
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC6C
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC73
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6BDC5A58,00010002), ref: 6B93ACC2
                                                                                                                                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B93ACD6
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B93AD08
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6BDC5A58,00010002), ref: 6B93AD21
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Context@@$Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameSaveScene@State@Sync@Trace
                                                                                                                                                                                                  • String ID: ()V$run
                                                                                                                                                                                                  • API String ID: 3520596367-1990820779
                                                                                                                                                                                                  • Opcode ID: ee52e63ec889bf31499eb4bd76c037faa2af9eb79fc7ffad57eeaa95db7f4a7c
                                                                                                                                                                                                  • Instruction ID: d0578b7616385ea950af267dbe6801e65c5f3248934789ed34332cd0a8e4d742
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ee52e63ec889bf31499eb4bd76c037faa2af9eb79fc7ffad57eeaa95db7f4a7c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9021F3352042214FDE48CB35C8C1B7E33A9AFD5218F598558D80A97361DB3DDC02C762
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?ResetComposite@D3DContext@@QAEJXZ.AWT ref: 6B93A712
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC6C
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC73
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6BDC5A58,00010002), ref: 6B93ACC2
                                                                                                                                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B93ACD6
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B93AD08
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6BDC5A58,00010002), ref: 6B93AD21
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125584471.000000006B920000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125692771.000000006B9D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125730889.000000006BA14000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125756269.000000006BA16000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125781488.000000006BA17000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125806593.000000006BA18000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125831151.000000006BA19000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1A000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1D000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125903563.000000006BA40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Context@@$Manager@@Pipeline$CallComposite@Context@Context@@@ImplInstance@MethodNameResetScene@Sync@Trace
                                                                                                                                                                                                  • String ID: ()V$run
                                                                                                                                                                                                  • API String ID: 4174294933-1990820779
                                                                                                                                                                                                  • Opcode ID: db185f3db10a6976c6223bee411ddd7fcaa76a5435e5e5f7e232aadeadf66d74
                                                                                                                                                                                                  • Instruction ID: 1a01524c7df4aa12e34cac487e572e88b85a4bf25e1d583b1141556fecb1acb5
                                                                                                                                                                                                  • Opcode Fuzzy Hash: db185f3db10a6976c6223bee411ddd7fcaa76a5435e5e5f7e232aadeadf66d74
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E021F3352042214FDE48CB35C8C1B7E33A9AFD5218F598558D80A9B361DB3DDC02C762
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?ResetTransform@D3DContext@@QAEJXZ.AWT ref: 6B93A75C
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC6C
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC73
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6BDC5A58,00010002), ref: 6B93ACC2
                                                                                                                                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B93ACD6
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B93AD08
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6BDC5A58,00010002), ref: 6B93AD21
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Context@@$Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameResetScene@Sync@TraceTransform@
                                                                                                                                                                                                  • String ID: ()V$run
                                                                                                                                                                                                  • API String ID: 968191137-1990820779
                                                                                                                                                                                                  • Opcode ID: c2640f0eab67d2fbaf151645154a2b59b65517c270e69f5767c131533862832f
                                                                                                                                                                                                  • Instruction ID: 6b98b71e01a2a515634657f08c6d0351d55ffd472e1b94f9b24633cc70e3c616
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c2640f0eab67d2fbaf151645154a2b59b65517c270e69f5767c131533862832f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A021F3352042214FDE48CB35C8D1B7E33A9AFD5218F598558D80A97361DB3DDC02C762
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?EndShapeClip@D3DContext@@QAEJXZ.AWT ref: 6B93A6BB
                                                                                                                                                                                                    • Part of subcall function 6B935FB0: ?Render@D3DVertexCacher@@QAEJH@Z.AWT(00000000), ref: 6B935FBD
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC6C
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC73
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6BDC5A58,00010002), ref: 6B93ACC2
                                                                                                                                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B93ACD6
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B93AD08
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6BDC5A58,00010002), ref: 6B93AD21
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Context@@$Manager@@Pipeline$Cacher@@CallClip@Context@Context@@@ImplInstance@MethodNameRender@Scene@ShapeSync@TraceVertex
                                                                                                                                                                                                  • String ID: ()V$run
                                                                                                                                                                                                  • API String ID: 1108798451-1990820779
                                                                                                                                                                                                  • Opcode ID: af97a1be52f90542c47e1c3ba8bb343dd476a410c40b7a7aba4ea36b60db362c
                                                                                                                                                                                                  • Instruction ID: d88716384454123b22851e7cfbd161fb3f7a549cd5e1ba12188e11836e03fc8a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: af97a1be52f90542c47e1c3ba8bb343dd476a410c40b7a7aba4ea36b60db362c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7521D1352042218FDE48CB35C8C1B7E33A9AFD5218F598558D80A97361DB3DDC02C762
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?BeginShapeClip@D3DContext@@QAEJXZ.AWT ref: 6B93A6A9
                                                                                                                                                                                                    • Part of subcall function 6B936420: ?UpdateState@D3DContext@@QAEJC@Z.AWT(00000000), ref: 6B936425
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC6C
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC73
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6BDC5A58,00010002), ref: 6B93ACC2
                                                                                                                                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B93ACD6
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B93AD08
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6BDC5A58,00010002), ref: 6B93AD21
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Context@@$Manager@@Pipeline$BeginCallClip@Context@Context@@@ImplInstance@MethodNameScene@ShapeState@Sync@TraceUpdate
                                                                                                                                                                                                  • String ID: ()V$run
                                                                                                                                                                                                  • API String ID: 3565489745-1990820779
                                                                                                                                                                                                  • Opcode ID: 9d6286ac77f69eec464e9fcc2ac70b7a8a4f054073bf67c5e17482b46e63370e
                                                                                                                                                                                                  • Instruction ID: 52d44e13aae0d7823aa3f4cb4f6e028f0cc720bb15651341d9335a5782428f2e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9d6286ac77f69eec464e9fcc2ac70b7a8a4f054073bf67c5e17482b46e63370e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1921F3356042214FDE48CB35C8C1B7E33E9AFD5218F598558D80A97361DB3DDC02C762
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?ResetClip@D3DContext@@QAEJXZ.AWT ref: 6B93A6CD
                                                                                                                                                                                                    • Part of subcall function 6B935F70: ?Render@D3DVertexCacher@@QAEJH@Z.AWT(00000000), ref: 6B935F7C
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC6C
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC73
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6BDC5A58,00010002), ref: 6B93ACC2
                                                                                                                                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B93ACD6
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B93AD08
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6BDC5A58,00010002), ref: 6B93AD21
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125584471.000000006B920000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125692771.000000006B9D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125730889.000000006BA14000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125756269.000000006BA16000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125781488.000000006BA17000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125806593.000000006BA18000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125831151.000000006BA19000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1A000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1D000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125903563.000000006BA40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Context@@$Manager@@Pipeline$Cacher@@CallClip@Context@Context@@@ImplInstance@MethodNameRender@ResetScene@Sync@TraceVertex
                                                                                                                                                                                                  • String ID: ()V$run
                                                                                                                                                                                                  • API String ID: 2577611802-1990820779
                                                                                                                                                                                                  • Opcode ID: 495528120b4a3db252371c1e1cefe8c7a34bde6f7503343bd8b726a375fe3921
                                                                                                                                                                                                  • Instruction ID: 4926e166db355d6363f416b63404922a66b40cc72e8f1275774164e27a9846b8
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 495528120b4a3db252371c1e1cefe8c7a34bde6f7503343bd8b726a375fe3921
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3321F3352042214FDE48CB35C8C1B7E33A9AFD5218F598558DC0A97361DB3DDC02CB62
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000004,00000000,true,?,?,?,?,00000000,00000004,?,?), ref: 6B98CE1B
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000004,00000000,false (large depth),?,?,00000000,?,00000000,00000004,?,?), ref: 6B98CE31
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000004,00000000,[V] pixfmt=%d db=%d alpha=%d depth=%d stencil=%d valid=,?,?,?,?,?), ref: 6B98CE04
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: _J2dTraceInit@0.AWT(?,6B924EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B97EA63
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EABA
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: vfprintf.MSVCR100 ref: 6B97EACB
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EAE5
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fflush.MSVCR100 ref: 6B97EAEF
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,WGLGC_GetPixelFormatForDC: could not find appropriate pixfmt), ref: 6B98CE60
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • [V] pixfmt=%d db=%d alpha=%d depth=%d stencil=%d valid=, xrefs: 6B98CDFB
                                                                                                                                                                                                  • true, xrefs: 6B98CE12
                                                                                                                                                                                                  • # , xrefs: 6B98CDC4
                                                                                                                                                                                                  • " , xrefs: 6B98CDBC
                                                                                                                                                                                                  • WGLGC_GetPixelFormatForDC: could not find appropriate pixfmt, xrefs: 6B98CE59
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Trace$Impl$fprintf$Init@0fflushvfprintf
                                                                                                                                                                                                  • String ID: " $# $WGLGC_GetPixelFormatForDC: could not find appropriate pixfmt$[V] pixfmt=%d db=%d alpha=%d depth=%d stencil=%d valid=$true
                                                                                                                                                                                                  • API String ID: 1961874229-1123049345
                                                                                                                                                                                                  • Opcode ID: 69bf653ddb2d5b533663bde9228cb635d57ed087c47d23938184f16a933ede4c
                                                                                                                                                                                                  • Instruction ID: 963335401046fff24d638dce89623d804ffb371ad3449726a130ab8eaffc524a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 69bf653ddb2d5b533663bde9228cb635d57ed087c47d23938184f16a933ede4c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6E218072608340ABD320DF54D845B4BFBE8BFD8718F01491CF688A7280D6B9E9058BA3
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000004,00000000,true,?,?,?,?,00000000,00000004,?,?), ref: 6B98CE1B
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000004,00000000,false (large depth),?,?,00000000,?,00000000,00000004,?,?), ref: 6B98CE31
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000004,00000000,[V] pixfmt=%d db=%d alpha=%d depth=%d stencil=%d valid=,?,?,?,?,?), ref: 6B98CE04
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: _J2dTraceInit@0.AWT(?,6B924EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B97EA63
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EABA
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: vfprintf.MSVCR100 ref: 6B97EACB
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EAE5
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fflush.MSVCR100 ref: 6B97EAEF
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,WGLGC_GetPixelFormatForDC: could not find appropriate pixfmt), ref: 6B98CE60
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • [V] pixfmt=%d db=%d alpha=%d depth=%d stencil=%d valid=, xrefs: 6B98CDFB
                                                                                                                                                                                                  • true, xrefs: 6B98CE12
                                                                                                                                                                                                  • # , xrefs: 6B98CDC4
                                                                                                                                                                                                  • " , xrefs: 6B98CDBC
                                                                                                                                                                                                  • WGLGC_GetPixelFormatForDC: could not find appropriate pixfmt, xrefs: 6B98CE59
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Trace$Impl$fprintf$Init@0fflushvfprintf
                                                                                                                                                                                                  • String ID: " $# $WGLGC_GetPixelFormatForDC: could not find appropriate pixfmt$[V] pixfmt=%d db=%d alpha=%d depth=%d stencil=%d valid=$true
                                                                                                                                                                                                  • API String ID: 1961874229-1123049345
                                                                                                                                                                                                  • Opcode ID: 2a3a9290a8f8ff3c675c10225f297ed37d11805bcab7ddc672070d6ae64463cd
                                                                                                                                                                                                  • Instruction ID: 62df9b89eb18082250ec01ff229432fbb6f459b6f77e9c026da98aa001632b63
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2a3a9290a8f8ff3c675c10225f297ed37d11805bcab7ddc672070d6ae64463cd
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B0219272658300ABD320DF54D845F4BBBE8AFD8718F01491CF68467280D6B9E90587A3
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9A2409
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9A24B2
                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00002042,?), ref: 6B9A25B1
                                                                                                                                                                                                  • _CxxThrowException.MSVCR100(?,6B9F9388), ref: 6B9A25DB
                                                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 6B9A25E1
                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(?), ref: 6B9A2624
                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00002042,00000010), ref: 6B9A2718
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Global$AllocEnv@8ExceptionThrow$CreateCurrentEventH_prolog3_catchLockObjectSingleThreadUnlockWait
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3484944439-0
                                                                                                                                                                                                  • Opcode ID: 3ef7aceff99fc907349ce68369968b4ee533ab0da98adae2648fe89b741deb3f
                                                                                                                                                                                                  • Instruction ID: ef88394b763e05f11bda0acab7edeb09e30244727302f9f59c81233044afa628
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3ef7aceff99fc907349ce68369968b4ee533ab0da98adae2648fe89b741deb3f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 73C15635604205EFDB128F69C888F9ABBF9BF4A314F108499FD589B251DB38DA41CF61
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?IsTextureFilteringSupported@D3DContext@@QAEHW4_D3DTEXTUREFILTERTYPE@@@Z.AWT(00000001), ref: 6B932893
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DBlitToSurfaceViaTexture: could not init blit tile,00000100,00000100,?,?,00000001), ref: 6B93290D
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: _J2dTraceInit@0.AWT(?,6B924EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B97EA63
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EABA
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: vfprintf.MSVCR100 ref: 6B97EACB
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EAE5
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fflush.MSVCR100 ref: 6B97EAEF
                                                                                                                                                                                                  • ?BeginScene@D3DContext@@QAEJC@Z.AWT(00000008,00000100,00000100,?,?,00000001), ref: 6B9329A0
                                                                                                                                                                                                  • ?SetTexture@D3DContext@@QAEJPAUIDirect3DTexture9@@K@Z.AWT(00000000,00000000,00000008,00000100,00000100,?,?,00000001), ref: 6B9329B2
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • D3DBlitToSurfaceViaTexture: could not init blit tile, xrefs: 6B932904
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Context@@$Tracefprintf$BeginDirect3E@@@FilteringImplInit@0Scene@Supported@TextureTexture9@@Texture@fflushvfprintf
                                                                                                                                                                                                  • String ID: D3DBlitToSurfaceViaTexture: could not init blit tile
                                                                                                                                                                                                  • API String ID: 2142637201-2730297016
                                                                                                                                                                                                  • Opcode ID: 4b7dc30c0ac37c2687731ddd0a410f280bc9506cf374893b9b61fe0483cddc37
                                                                                                                                                                                                  • Instruction ID: c47497d06f499e777d1590c8c9efe0556011c80ac139fe1955ba5c5732892ff0
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4b7dc30c0ac37c2687731ddd0a410f280bc9506cf374893b9b61fe0483cddc37
                                                                                                                                                                                                  • Instruction Fuzzy Hash: DDE17471A08345EBC364DF24D884B9ABBF4FFC8744F11894CF589A7294EB34D8648B92
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B99038E
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002,00000040), ref: 6B99039E
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,target), ref: 6B9903DE
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Env@8Exception@8H_prolog3_catchNullPointerThrow
                                                                                                                                                                                                  • String ID: null pData$peer$target
                                                                                                                                                                                                  • API String ID: 1176200671-218633999
                                                                                                                                                                                                  • Opcode ID: 25aa39dc496896d42ad0a39002b46dc8c84773c8e537f84caa1938cb157c4b1a
                                                                                                                                                                                                  • Instruction ID: 892039d9a3c2d5088235813f128cdf499645a46065defe5d91eb5cc849047940
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 25aa39dc496896d42ad0a39002b46dc8c84773c8e537f84caa1938cb157c4b1a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D6813671D05208EFDF429FA4C889EEDBBB5FF09304F148069FA64A6220C7398952DF65
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9CE943
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002,00000024), ref: 6B9CE953
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null target), ref: 6B9CE9C5
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Env@8Exception@8H_prolog3_catchNullPointerThrow
                                                                                                                                                                                                  • String ID: javax/swing/Popup$HeavyWeightWindow$null pData$null target
                                                                                                                                                                                                  • API String ID: 1176200671-4197837228
                                                                                                                                                                                                  • Opcode ID: 8e9ded3980f0881b2c2dd9a446d1e87610761bc7832309c84b49c6f0d4f28402
                                                                                                                                                                                                  • Instruction ID: e2dfb585a3fc54559b3a0ba2bdb146e8dc0ae3128dad6aa49252673d30f40598
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8e9ded3980f0881b2c2dd9a446d1e87610761bc7832309c84b49c6f0d4f28402
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 24614770904605EFDF01CFA4C889BAEBBB9FF09314F148069F90AAB251D3399951DF62
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC6C
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC73
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6BDC5A58,00010002), ref: 6B93ACC2
                                                                                                                                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B93ACD6
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B93AD08
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6BDC5A58,00010002), ref: 6B93AD21
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                                                                                                                                                                                  • String ID: ()V$run
                                                                                                                                                                                                  • API String ID: 1221654457-1990820779
                                                                                                                                                                                                  • Opcode ID: 2c9133854a0b11a8d6b18e7c5520aba712bc9fed5abb4b397c4d601ec0de8668
                                                                                                                                                                                                  • Instruction ID: 4adbb6dff95c5f886a3a73c092bb9219e9a55f626b387afb066f6128da8bee4a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2c9133854a0b11a8d6b18e7c5520aba712bc9fed5abb4b397c4d601ec0de8668
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 30417831209350DFDB54CB25D8C0A2BBBF9AFC5304F5A894CE8C893255C738D821CB62
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC6C
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC73
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6BDC5A58,00010002), ref: 6B93ACC2
                                                                                                                                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B93ACD6
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B93AD08
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@Instance@MethodNameScene@Sync@
                                                                                                                                                                                                  • String ID: ()V$run
                                                                                                                                                                                                  • API String ID: 33532861-1990820779
                                                                                                                                                                                                  • Opcode ID: 55cdbcf8c6f80f872737061cf5755b0e6ade7a908d9041965633695fa9a366af
                                                                                                                                                                                                  • Instruction ID: 893b950da40ecf5ff392e631021fb7e5aeb4657af5a0798fc68c92f928d3b9d9
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 55cdbcf8c6f80f872737061cf5755b0e6ade7a908d9041965633695fa9a366af
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7441BB312083209FCB54CB25C8C1A6BB7E9EFD5304F99891CE98887361D639E811CB62
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9C28C8
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData), ref: 6B9C2922
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(00000000), ref: 6B9C295E
                                                                                                                                                                                                  • wcslen.MSVCR100 ref: 6B9C2997
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(00000000), ref: 6B9C29AD
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ??3@$Env@8Exception@8NullPointerThrowwcslen
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2570329011-751156914
                                                                                                                                                                                                  • Opcode ID: 7beaa224e6edd974a2b9c658369f117c14480811a0b824017cb51f8b77328189
                                                                                                                                                                                                  • Instruction ID: fac0c9b726d3646cd7a51983e3656fe516f1ed6a5fa727b3ebe6adad88edbf79
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7beaa224e6edd974a2b9c658369f117c14480811a0b824017cb51f8b77328189
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1931B031205504FFCB029FB9CD8DD9EBBB9EF493047608469F545C7251DB39CA429B62
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 6B939CF0: ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,6B936C78,00000000,00000000,6B938ECD,00000000,00000000,00000000,00000000,00000000,?,6B936C78,00000000,00000000), ref: 6B939D21
                                                                                                                                                                                                    • Part of subcall function 6B939CF0: ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,6B936C78,00000000,00000000,6B938ECD,00000000,00000000,00000000,00000000,00000000,?,6B936C78,00000000,00000000), ref: 6B939D28
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC6C
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC73
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6BDC5A58,00010002), ref: 6B93ACC2
                                                                                                                                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B93ACD6
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B93AD08
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6BDC5A58,00010002), ref: 6B93AD21
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Manager@@Pipeline$Context@Context@@Context@@@Instance@$CallImplMethodNameScene@Sync@Trace
                                                                                                                                                                                                  • String ID: ()V$run
                                                                                                                                                                                                  • API String ID: 3305118675-1990820779
                                                                                                                                                                                                  • Opcode ID: 4e3aafa81b0d3c4100975d575be3a1237efd3f05075858193268a5ebb132850f
                                                                                                                                                                                                  • Instruction ID: beacabe9f6bfbb5cf0eb9004af71edb8cc6aa45071deb3098d61c3e765e632f4
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4e3aafa81b0d3c4100975d575be3a1237efd3f05075858193268a5ebb132850f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9D414D765043509FDA64CF25C881A2BF3FAEFD9214F59890DE99997320C735EC02CBA2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC6C
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC73
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6BDC5A58,00010002), ref: 6B93ACC2
                                                                                                                                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B93ACD6
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B93AD08
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6BDC5A58,00010002), ref: 6B93AD21
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                                                                                                                                                                                  • String ID: ()V$run
                                                                                                                                                                                                  • API String ID: 1221654457-1990820779
                                                                                                                                                                                                  • Opcode ID: 7d334168f868ff31735ae6de6757fdb086d7a1da34399722a61c9a9e00f2cc37
                                                                                                                                                                                                  • Instruction ID: a7bc32c941af69271b3a2397c5d0d45230269ff83a41dad3a16af0990500c169
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7d334168f868ff31735ae6de6757fdb086d7a1da34399722a61c9a9e00f2cc37
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CC41BC352093509FDB64CB25C8C1A6FBBF9AFC5208F59894CE8C997321D739D821CB62
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9AA1D7
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,IMMOption argument,?,00010002), ref: 6B9AA24C
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(00000000,?,00010002), ref: 6B9AA2C3
                                                                                                                                                                                                  • _CxxThrowException.MSVCR100(?,6B9F9388), ref: 6B9AA2E4
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Throw$??3@Env@8ExceptionException@8NullPointer
                                                                                                                                                                                                  • String ID: IMMOption argument$null pData$peer
                                                                                                                                                                                                  • API String ID: 4044272405-132805023
                                                                                                                                                                                                  • Opcode ID: 12849079da21d31996031cb88e7171c3aa714cb2d215c1c078ac6e73b6ede67d
                                                                                                                                                                                                  • Instruction ID: 9f7ae6df4aa2cdd27fed566d83b490d38d29ef1d11658ab009a1291577bbc57b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 12849079da21d31996031cb88e7171c3aa714cb2d215c1c078ac6e73b6ede67d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A9319E31504604FFDB129FA4C849F9E7BB9EF49315F1080A5FA409B221C73ADA928F61
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9CC790
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null title,?,00010002), ref: 6B9CC800
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(00000000,?,00010002), ref: 6B9CC85E
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B9CC87F
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ??3@$Env@8Exception@8NullPointerThrow
                                                                                                                                                                                                  • String ID: null pData$null title$peer
                                                                                                                                                                                                  • API String ID: 1011067124-266430175
                                                                                                                                                                                                  • Opcode ID: 13193b83b7f652d50fa864337a5e8ab445a64278ae77d5e2d91347be9c4be05a
                                                                                                                                                                                                  • Instruction ID: 463de50e1b30155b35ca7590e56739529d6f9d7b117aa53f8551be495ad004a3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 13193b83b7f652d50fa864337a5e8ab445a64278ae77d5e2d91347be9c4be05a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B131AC31604604BFCB119FA9C889E9F7BFCEF49304B1180A9F5459B221DB38D942CBA6
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9B633E
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002,00000018), ref: 6B9B634E
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null target), ref: 6B9B639C
                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000), ref: 6B9B63CE
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData), ref: 6B9B644D
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow$Env@8ErrorH_prolog3_catchLast
                                                                                                                                                                                                  • String ID: null pData$null target
                                                                                                                                                                                                  • API String ID: 183863312-3892037755
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC6C
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC73
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6BDC5A58,00010002), ref: 6B93ACC2
                                                                                                                                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B93ACD6
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B93AD08
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6BDC5A58,00010002), ref: 6B93AD21
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                                                                                                                                                                                  • String ID: ()V$run
                                                                                                                                                                                                  • API String ID: 1221654457-1990820779
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B990885
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B9908AB
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,00010002), ref: 6B9908E9
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,00010002), ref: 6B99093D
                                                                                                                                                                                                  • _CxxThrowException.MSVCR100(?,6B9F9388), ref: 6B99095E
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Throw$Exception@8NullPointer$??3@Env@8Exception
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 1048976382-751156914
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC6C
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC73
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6BDC5A58,00010002), ref: 6B93ACC2
                                                                                                                                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B93ACD6
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B93AD08
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6BDC5A58,00010002), ref: 6B93AD21
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                                                                                                                                                                                  • String ID: ()V$run
                                                                                                                                                                                                  • API String ID: 1221654457-1990820779
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9C0280
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B9C02AB
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B9C02EE
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B9C0358
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow$??3@Env@8
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 3243432782-751156914
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC6C
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC73
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6BDC5A58,00010002), ref: 6B93ACC2
                                                                                                                                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B93ACD6
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B93AD08
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6BDC5A58,00010002), ref: 6B93AD21
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                                                                                                                                                                                  • String ID: ()V$run
                                                                                                                                                                                                  • API String ID: 1221654457-1990820779
                                                                                                                                                                                                  • Opcode ID: f32805eb9f39c8cc1ab87dac972f26d698198b2b1008d8ab0596e4119fc985ea
                                                                                                                                                                                                  • Instruction ID: c50945b3b11e3042f276c265f9681eabf2602c782680da57b6b74658f38332e1
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f32805eb9f39c8cc1ab87dac972f26d698198b2b1008d8ab0596e4119fc985ea
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D93100752083509FDA54CB35C8C1A6B77F9AF95218F49885CE88987321C639E801CB62
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC6C
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC73
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6BDC5A58,00010002), ref: 6B93ACC2
                                                                                                                                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B93ACD6
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B93AD08
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6BDC5A58,00010002), ref: 6B93AD21
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                                                                                                                                                                                  • String ID: ()V$run
                                                                                                                                                                                                  • API String ID: 1221654457-1990820779
                                                                                                                                                                                                  • Opcode ID: b313ba0c6a5b75ad5977c947ff263684a2692b87cca385345cbb5e0f47cc5e6b
                                                                                                                                                                                                  • Instruction ID: 17da6282d5e926e4cef213807ce5fc38cc63d4bdead9827be371c48ab3310bab
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b313ba0c6a5b75ad5977c947ff263684a2692b87cca385345cbb5e0f47cc5e6b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3E310F752083508FDA24DB35C8C1B6F77F9AFD9208F59894CE89983321CB39E811CB62
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC6C
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC73
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6BDC5A58,00010002), ref: 6B93ACC2
                                                                                                                                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B93ACD6
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B93AD08
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6BDC5A58,00010002), ref: 6B93AD21
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                                                                                                                                                                                  • String ID: ()V$run
                                                                                                                                                                                                  • API String ID: 1221654457-1990820779
                                                                                                                                                                                                  • Opcode ID: 6185f6facc3c1dd8901618c3d60657ecaf7020bb27643323ab7d06b0bd885a65
                                                                                                                                                                                                  • Instruction ID: ce13ffc1cbe7647750a94274d9fc5546c2cb5086b385ffb2354819a79c4b4c2e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6185f6facc3c1dd8901618c3d60657ecaf7020bb27643323ab7d06b0bd885a65
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3031E0756043209FDA54CB35C8C1B6B73F9EFD5218F598858E89987321DB39EC02CBA1
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC6C
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC73
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6BDC5A58,00010002), ref: 6B93ACC2
                                                                                                                                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B93ACD6
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B93AD08
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6BDC5A58,00010002), ref: 6B93AD21
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                                                                                                                                                                                  • String ID: ()V$run
                                                                                                                                                                                                  • API String ID: 1221654457-1990820779
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC6C
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC73
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6BDC5A58,00010002), ref: 6B93ACC2
                                                                                                                                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B93ACD6
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B93AD08
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6BDC5A58,00010002), ref: 6B93AD21
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                                                                                                                                                                                  • String ID: ()V$run
                                                                                                                                                                                                  • API String ID: 1221654457-1990820779
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC6C
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC73
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6BDC5A58,00010002), ref: 6B93ACC2
                                                                                                                                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B93ACD6
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B93AD08
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6BDC5A58,00010002), ref: 6B93AD21
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                                                                                                                                                                                  • String ID: ()V$run
                                                                                                                                                                                                  • API String ID: 1221654457-1990820779
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?D3DEnabledOnAdapter@D3DPipelineManager@@AAEJI@Z.AWT(6B936B7F,00000000,00000000,?,?,6B936B7F,00000000,?,?), ref: 6B938F3A
                                                                                                                                                                                                  • ?CreateInstance@D3DContext@@SAJPAUIDirect3D9@@IPAPAV1@@Z.AWT(?,6B936B7F,6B936B7F,6B936B7F,00000000,00000000,?,?,6B936B7F,00000000,?,?), ref: 6B938F4F
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DPPLM::GetContext: no d3d on adapter %d,6B936B7F,6B936B7F,00000000,00000000,?,?,6B936B7F,00000000,?,?), ref: 6B938F6F
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DPPLM::GetD3DContext: invalid parameters or failed init for adapter %d,6B936B7F,00000000,00000000,?,?,6B936B7F,00000000,?,?), ref: 6B938FB2
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • D3DPPLM::GetD3DContext: invalid parameters or failed init for adapter %d, xrefs: 6B938FA9
                                                                                                                                                                                                  • D3DPPLM::GetContext: no d3d on adapter %d, xrefs: 6B938F66
                                                                                                                                                                                                  • D3DPPLM::GetD3DContext: failed to create context for adapter=%d, xrefs: 6B938F5E
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ImplTrace$Adapter@Context@@CreateD9@@Direct3EnabledInstance@Manager@@PipelineV1@@
                                                                                                                                                                                                  • String ID: D3DPPLM::GetContext: no d3d on adapter %d$D3DPPLM::GetD3DContext: failed to create context for adapter=%d$D3DPPLM::GetD3DContext: invalid parameters or failed init for adapter %d
                                                                                                                                                                                                  • API String ID: 2584849846-980454107
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9B406A
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B9B408C
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,?,00010002), ref: 6B9B40CB
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B9B412B
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow$??3@Env@8
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 3243432782-751156914
                                                                                                                                                                                                  • Opcode ID: 5b2197c80cca61d17fd1a0fde8d449457cadb1a1d275fb3b204b859691a279a9
                                                                                                                                                                                                  • Instruction ID: bce5bb3cf1536875643c147000486b6b1cdd6b51824d04e5f6a058ad7b43fdf3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5b2197c80cca61d17fd1a0fde8d449457cadb1a1d275fb3b204b859691a279a9
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5621AC31508A04BFDB129F68CC4AE9E7BB9EF1A348B108064F5409B221DB39DD42DF61
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9B6610
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B9B6632
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null menu,?,?,00010002), ref: 6B9B6681
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B9B66BB
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow$??3@Env@8
                                                                                                                                                                                                  • String ID: null menu$null pData$peer
                                                                                                                                                                                                  • API String ID: 3243432782-1205395791
                                                                                                                                                                                                  • Opcode ID: b92ef9465c2736d90896857bf62bd903a421cbbe739465616e13b1d84ed75a0c
                                                                                                                                                                                                  • Instruction ID: 53bb5d16b3d34399d3437439e9980d5a62df86960e286182d58af0216cf61bf6
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b92ef9465c2736d90896857bf62bd903a421cbbe739465616e13b1d84ed75a0c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 19219230104514EFCB119F65C849E8EBBB9EF4B315B1140ADF9419B221DB38E982CF65
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 6B93C6C0: ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(00000000,?,6B93A877), ref: 6B93C6D7
                                                                                                                                                                                                    • Part of subcall function 6B93C6C0: ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,00000000,?,6B93A877), ref: 6B93C6EB
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC6C
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC73
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6BDC5A58,00010002), ref: 6B93ACC2
                                                                                                                                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B93ACD6
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B93AD08
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Manager@@Pipeline$Context@Context@@Context@@@Instance@$CallMethodNameScene@Sync@
                                                                                                                                                                                                  • String ID: ()V$run
                                                                                                                                                                                                  • API String ID: 4020212011-1990820779
                                                                                                                                                                                                  • Opcode ID: 4ea8aecc3437ccbe4ed43de80aaebefe79426117dd3b5f3f4caf4a0639dc2c39
                                                                                                                                                                                                  • Instruction ID: d805ec7b631872168e1c803d6475734d3402f98bfc2ad7d4f6342b3a63b60559
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4ea8aecc3437ccbe4ed43de80aaebefe79426117dd3b5f3f4caf4a0639dc2c39
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B921C1756043218FDE88CB35C9C2B2E33A9AF91219F998558D8099B361DB3DDC02CB62
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC6C
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC73
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6BDC5A58,00010002), ref: 6B93ACC2
                                                                                                                                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B93ACD6
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B93AD08
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6BDC5A58,00010002), ref: 6B93AD21
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                                                                                                                                                                                  • String ID: ()V$run
                                                                                                                                                                                                  • API String ID: 1221654457-1990820779
                                                                                                                                                                                                  • Opcode ID: 6fb048807692acc4edbc67320412242a116aa3aacb37b63c50cd6257f312206a
                                                                                                                                                                                                  • Instruction ID: 4676be298473950766b94c399520633a0b0a40c66dec41b0802a963081029742
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6fb048807692acc4edbc67320412242a116aa3aacb37b63c50cd6257f312206a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6A21D1756042209FDE48DB35C8C2B7E33AAAFD5218F598558EC4997361DB3DDC02CBA2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC6C
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC73
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6BDC5A58,00010002), ref: 6B93ACC2
                                                                                                                                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B93ACD6
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B93AD08
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6BDC5A58,00010002), ref: 6B93AD21
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                                                                                                                                                                                  • String ID: ()V$run
                                                                                                                                                                                                  • API String ID: 1221654457-1990820779
                                                                                                                                                                                                  • Opcode ID: c8a79b8c624dc3acc30bde940ddc608a33d9a495daca21d72bc95591090da31e
                                                                                                                                                                                                  • Instruction ID: 57d8e3584569cc4c6258238b6bc759ed4d02b6c690b372567128c95e35c6edd6
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c8a79b8c624dc3acc30bde940ddc608a33d9a495daca21d72bc95591090da31e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6421F3756042214FDE48CB35C8C2B3E33A9AFD5218F598558D80987361DB3DDC02C762
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC6C
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC73
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6BDC5A58,00010002), ref: 6B93ACC2
                                                                                                                                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B93ACD6
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B93AD08
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6BDC5A58,00010002), ref: 6B93AD21
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                                                                                                                                                                                  • String ID: ()V$run
                                                                                                                                                                                                  • API String ID: 1221654457-1990820779
                                                                                                                                                                                                  • Opcode ID: c931c8c3a3937259c9d81e9fb280014efa8e3e4e6e7fc27f77a09b5e348cdf66
                                                                                                                                                                                                  • Instruction ID: 8421f1ae2b3eb1b51a3a0c67aa5ca957d135dcc7e8a727d93f1ec30e39d188fe
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c931c8c3a3937259c9d81e9fb280014efa8e3e4e6e7fc27f77a09b5e348cdf66
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6E21C3756042218FDE48DB35C8C2B7E33A9AFD5218F598558D84997361DB3DDC02C7A2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC6C
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC73
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6BDC5A58,00010002), ref: 6B93ACC2
                                                                                                                                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B93ACD6
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B93AD08
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6BDC5A58,00010002), ref: 6B93AD21
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                                                                                                                                                                                  • String ID: ()V$run
                                                                                                                                                                                                  • API String ID: 1221654457-1990820779
                                                                                                                                                                                                  • Opcode ID: 25007e6f52db3c6efb0ed447b2939edaac37e95455dfc61868f6d9d6b3eda2c9
                                                                                                                                                                                                  • Instruction ID: e06f6fb079b2612878f921edaac8444c22b0b4f387efa659cea79ce97299e6fc
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 25007e6f52db3c6efb0ed447b2939edaac37e95455dfc61868f6d9d6b3eda2c9
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BD21F3756042214FDE48CB35C8C2B3F33A9AFD1218F598558D80987361DB3DDC02C762
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC6C
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC73
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6BDC5A58,00010002), ref: 6B93ACC2
                                                                                                                                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B93ACD6
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B93AD08
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6BDC5A58,00010002), ref: 6B93AD21
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                                                                                                                                                                                  • String ID: ()V$run
                                                                                                                                                                                                  • API String ID: 1221654457-1990820779
                                                                                                                                                                                                  • Opcode ID: ab5c8f548cb99440ffff0c688edaffb8df9e58d2cfd18042747f767a49708c47
                                                                                                                                                                                                  • Instruction ID: 5b29d7cd3cbf13fba85a357c6e6bd29d0469e37c51c0e53f0d5b336915f3b024
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ab5c8f548cb99440ffff0c688edaffb8df9e58d2cfd18042747f767a49708c47
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CE21C0756042215FDE48DB35C8C2B7E33AAAFD5218F598558D80A9B361DB39DC02CBA2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC6C
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC73
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6BDC5A58,00010002), ref: 6B93ACC2
                                                                                                                                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B93ACD6
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B93AD08
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6BDC5A58,00010002), ref: 6B93AD21
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                                                                                                                                                                                  • String ID: ()V$run
                                                                                                                                                                                                  • API String ID: 1221654457-1990820779
                                                                                                                                                                                                  • Opcode ID: e578c13abce376d69429b963d66620e9a2baa9012ee5bb22e0504122676e33f9
                                                                                                                                                                                                  • Instruction ID: ab4eadc494609be46f8dbac4d081093bfa2aa55ecab90d9fc074a26906309d56
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e578c13abce376d69429b963d66620e9a2baa9012ee5bb22e0504122676e33f9
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1421DF356042218FDE48CB35C9C1B7E33A9AFD1219F598558EC1A9B361DB3DDC02C7A2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC6C
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC73
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6BDC5A58,00010002), ref: 6B93ACC2
                                                                                                                                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B93ACD6
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B93AD08
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6BDC5A58,00010002), ref: 6B93AD21
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                                                                                                                                                                                  • String ID: ()V$run
                                                                                                                                                                                                  • API String ID: 1221654457-1990820779
                                                                                                                                                                                                  • Opcode ID: ffdcc8ad0f34863e25e051cc16a77c67ecd62452b487913725f3d7158fb6191f
                                                                                                                                                                                                  • Instruction ID: ca3b1a6f06f99c60ced3fd22c1baa60f7ab6399957aa2d5b72b0247956aa6dd6
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ffdcc8ad0f34863e25e051cc16a77c67ecd62452b487913725f3d7158fb6191f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1921DF756042218FDE48CB35C8C1B7E33A9AFD1218F598558E8499B361DB3DDC42CBA2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9A8DB4
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,str argument,?,?,?,?,00000004), ref: 6B9A8DD5
                                                                                                                                                                                                  • _Java_sun_awt_windows_WFontMetrics_stringWidth@12.AWT(?,?,00000000,?,?,?,?,00000004), ref: 6B9A8E49
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,?,?,00000004), ref: 6B9A8E53
                                                                                                                                                                                                  • _JNU_ThrowArrayIndexOutOfBoundsException@8.JAVA(?,off/len argument,?,?,?,?,00000004), ref: 6B9A8E69
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Throw$Exception@8$??3@ArrayBoundsCreateCurrentEnv@8EventExceptionFontH_prolog3_catchIndexJava_sun_awt_windows_Metrics_stringNullObjectPointerSingleThreadWaitWidth@12
                                                                                                                                                                                                  • String ID: off/len argument$str argument
                                                                                                                                                                                                  • API String ID: 4109992417-2050245980
                                                                                                                                                                                                  • Opcode ID: 785123f851eccb0a41d9ebbbb23ea83a09e41be55c07bd68feadc6cd7896d294
                                                                                                                                                                                                  • Instruction ID: c8339e7c958c56e3e7cf419f63dcd26407bfdf135d98f2ba37e224c6675423a2
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 785123f851eccb0a41d9ebbbb23ea83a09e41be55c07bd68feadc6cd7896d294
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6111AF71201648AFDF199F75CC89FAF3BA9EF54258F208029F9049B290CB38C9418B72
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC6C
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(?,?,6BDC5A58,00010002), ref: 6B93AC73
                                                                                                                                                                                                  • ?EndScene@D3DContext@@QAEJXZ.AWT(6BDC5A58,00010002), ref: 6B93ACC2
                                                                                                                                                                                                  • ?Sync@D3DContext@@QAEJXZ.AWT ref: 6B93ACD6
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,run,()V), ref: 6B93AD08
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRQ_flushBuffer: invalid opcode=%d,?,6BDC5A58,00010002), ref: 6B93AD21
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Context@@Manager@@Pipeline$CallContext@Context@@@ImplInstance@MethodNameScene@Sync@Trace
                                                                                                                                                                                                  • String ID: ()V$run
                                                                                                                                                                                                  • API String ID: 1221654457-1990820779
                                                                                                                                                                                                  • Opcode ID: 20eeec509750be978c37f24cc823c0b9fef6bc67ed1938290df37201841e5d41
                                                                                                                                                                                                  • Instruction ID: 7461eccf44b1df372e76a8304ac4fccd9a6fa03028499f7def92e6bfcec5a4b1
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 20eeec509750be978c37f24cc823c0b9fef6bc67ed1938290df37201841e5d41
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2821E1356042218FDE48CB35C8C1B7E33A9AFD2218F598558EC0A9B361DB3DDC02C7A2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9CA1F4
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,null pData), ref: 6B9CA21C
                                                                                                                                                                                                  • _JNU_GetFieldByName@20.JAVA(?,00000000,00000000,alwaysOnTop,6B9D9480), ref: 6B9CA288
                                                                                                                                                                                                  • _Java_sun_awt_windows_WWindowPeer_setAlwaysOnTopNative@12.AWT(?,?,?), ref: 6B9CA2B5
                                                                                                                                                                                                    • Part of subcall function 6B9CD6A6: __EH_prolog3_catch.LIBCMT ref: 6B9CD6AD
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: H_prolog3_catchThrow$AlwaysCreateCurrentEnv@8EventExceptionException@8FieldJava_sun_awt_windows_Name@20Native@12NullObjectPeer_setPointerSingleThreadWaitWindow
                                                                                                                                                                                                  • String ID: alwaysOnTop$null pData$peer
                                                                                                                                                                                                  • API String ID: 941843462-2711506980
                                                                                                                                                                                                  • Opcode ID: f2daff16f6c0f7e2b1562f9f2b810fc4431a153f9e1ed68ee92b6b7158d5a3a7
                                                                                                                                                                                                  • Instruction ID: 289cfab28f4764b04f771d92969f296d06edc71391d38b9407dc90e349c7a8aa
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f2daff16f6c0f7e2b1562f9f2b810fc4431a153f9e1ed68ee92b6b7158d5a3a7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 50219731404614BFCB12DFA0CD48E9F3BB9EF8A314B108555FA40A6261C739CA51DBB3
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DGlyphCache::Init: could not init D3D glyph cache), ref: 6B9368DF
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: _J2dTraceInit@0.AWT(?,6B924EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B97EA63
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EABA
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: vfprintf.MSVCR100 ref: 6B97EACB
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EAE5
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fflush.MSVCR100 ref: 6B97EAEF
                                                                                                                                                                                                  • ?IsTextureFormatSupported@D3DContext@@QAEHW4_D3DFORMAT@@K@Z.AWT(0000001C,00000000,?,?,6B93466B), ref: 6B9368FD
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DGlyphCache::Init: could not create glyph cache texture,00000200,00000200,00000000,00000000,?,00000000,?,00000014,00000000,?,?,6B93466B), ref: 6B93694D
                                                                                                                                                                                                    • Part of subcall function 6B921000: malloc.MSVCR100 ref: 6B921005
                                                                                                                                                                                                    • Part of subcall function 6B921000: J2dTraceImpl.AWT(00000001,00000001,AccelGlyphCache_Init: could not allocate GlyphCacheInfo,?,6B93466B), ref: 6B92101B
                                                                                                                                                                                                  • ?IsTextureFormatSupported@D3DContext@@QAEHW4_D3DFORMAT@@K@Z.AWT(00000014,00000000,?,?,6B93466B), ref: 6B93690D
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • D3DGlyphCache::Init: could not create glyph cache texture, xrefs: 6B936944
                                                                                                                                                                                                  • D3DGlyphCache::Init: could not init D3D glyph cache, xrefs: 6B9368D6
                                                                                                                                                                                                  • ;5, xrefs: 6B9368B4
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Trace$Impl$Context@@FormatSupported@Texturefprintf$Init@0fflushmallocvfprintf
                                                                                                                                                                                                  • String ID: D3DGlyphCache::Init: could not create glyph cache texture$D3DGlyphCache::Init: could not init D3D glyph cache$;5
                                                                                                                                                                                                  • API String ID: 2734724971-1870317526
                                                                                                                                                                                                  • Opcode ID: 0f2649d7edd3ce0bb19b96a523aa74b53748fa451b0967c2928281844cb9e1a7
                                                                                                                                                                                                  • Instruction ID: 4838027e1a530a2cc0f06d9a74a0229f32838afc002aace2270e68ad96004aab
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0f2649d7edd3ce0bb19b96a523aa74b53748fa451b0967c2928281844cb9e1a7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6F112572BC8B2266E32047389C03F8663D49FA1F58F12043AF644BE2C1E6EAD440C6A1
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9CA2DC
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • _JNU_ThrowInternalError@8.JAVA(?,Could not get display mode constructor), ref: 6B9CA30F
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Throw$CreateCurrentEnv@8Error@8EventExceptionH_prolog3_catchInternalObjectSingleThreadWait
                                                                                                                                                                                                  • String ID: (IIII)V$<init>$Could not get display mode class$Could not get display mode constructor$java/awt/DisplayMode
                                                                                                                                                                                                  • API String ID: 1683192215-835006744
                                                                                                                                                                                                  • Opcode ID: 82dbfd069e0f3578fa17f59763eeddbe901b5e97068d6384da4b772b5a0ec649
                                                                                                                                                                                                  • Instruction ID: e7bdfa711259b0f3ebf052e2bb3b61d9046838488832cce95fd9500384ddff7a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 82dbfd069e0f3578fa17f59763eeddbe901b5e97068d6384da4b772b5a0ec649
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5E01A275504510BBCB11AFB58C05F8F3A79AFA531AB148044FA449A209DB3CC602CB73
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000003,00000001,D3DGD_getDeviceCapsNative), ref: 6B936B4B
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: _J2dTraceInit@0.AWT(?,6B924EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B97EA63
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EABA
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: vfprintf.MSVCR100 ref: 6B97EACB
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EAE5
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fflush.MSVCR100 ref: 6B97EAEF
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT ref: 6B936B53
                                                                                                                                                                                                  • ?GetAdapterOrdinalForScreen@D3DPipelineManager@@QAEIJ@Z.AWT(?), ref: 6B936B6B
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(00000000,?,?), ref: 6B936B7A
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DGD_getDeviceCapsNative: device %d disabled,00000000,00000000,?,?), ref: 6B936B8D
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • D3DGD_getDeviceCapsNative, xrefs: 6B936B42
                                                                                                                                                                                                  • D3DGD_getDeviceCapsNative: device %d disabled, xrefs: 6B936B84
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Manager@@PipelineTrace$Implfprintf$AdapterContext@Context@@@Init@0Instance@OrdinalScreen@fflushvfprintf
                                                                                                                                                                                                  • String ID: D3DGD_getDeviceCapsNative$D3DGD_getDeviceCapsNative: device %d disabled
                                                                                                                                                                                                  • API String ID: 1313270379-1057826975
                                                                                                                                                                                                  • Opcode ID: 0e0e3a51d1c4d4570ffa1d0a1dc41a78bfb8f95c9f4767fd5e0b8a493f24bcf8
                                                                                                                                                                                                  • Instruction ID: 7a41f438090c96f412d32d62273cf794ab64212cb5fe0228db8c3e31e16bacdf
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0e0e3a51d1c4d4570ffa1d0a1dc41a78bfb8f95c9f4767fd5e0b8a493f24bcf8
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 49F02B3370452166D229D2759C46FDFA39CDFF0769F01403EF605D6180DB69D51182F1
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9CA82E
                                                                                                                                                                                                  • GetVersion.KERNEL32(0000000C,6B9CA8FF), ref: 6B9CA83D
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9CA887
                                                                                                                                                                                                  • JNU_CallStaticMethodByName.JAVA(00000000,00000000,sun/awt/Win32GraphicsEnvironment,dwmCompositionChanged,(Z)V,?,00010002), ref: 6B9CA8A2
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CallEnv@8H_prolog3_catchMethodNameStaticVersion
                                                                                                                                                                                                  • String ID: (Z)V$dwmCompositionChanged$sun/awt/Win32GraphicsEnvironment
                                                                                                                                                                                                  • API String ID: 2959205352-2490318706
                                                                                                                                                                                                  • Opcode ID: f2381acf93a92f90e9b838e3f29cf744f406b19bc0c2ddca582818f09e76eac2
                                                                                                                                                                                                  • Instruction ID: e95bc6bd428c83b4218ea4ecf7fa3319ed63ab59326d61f1f9b7aa3576405eb1
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f2381acf93a92f90e9b838e3f29cf744f406b19bc0c2ddca582818f09e76eac2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1BF0C8B09443049BDB40DFB58DC2B5A32745766719FE0C528F101A6285E73CCE428767
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ceil$floor$callocfreememcpy
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 905172459-0
                                                                                                                                                                                                  • Opcode ID: c10ed9129afe93ff62df580a7ee45ec70835550f9464bdf33483748083d02d65
                                                                                                                                                                                                  • Instruction ID: 40cbdde2a09b4a3ef9cb44a8f9f434edffde685eecd1cbae325f98349b858ae7
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c10ed9129afe93ff62df580a7ee45ec70835550f9464bdf33483748083d02d65
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 21617AB1A09705EBCB50BF25C44808ABFF0FF95755F618928E8D5A2269E731D960CFC2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?BeginScene@D3DContext@@QAEJC@Z.AWT(00000008,00000000,?,?,00000000,?,?,00000000), ref: 6B93DC70
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: BeginContext@@Scene@
                                                                                                                                                                                                  • String ID: $
                                                                                                                                                                                                  • API String ID: 179168274-227171996
                                                                                                                                                                                                  • Opcode ID: e3de0356d795ddedd7b5bda55964219a28d39a11cebd29035e5b57d9909f1454
                                                                                                                                                                                                  • Instruction ID: f6ddcc7e75ed8686ec3fef2b2794da8d70f4ca03327b817927af65d2f295a41c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e3de0356d795ddedd7b5bda55964219a28d39a11cebd29035e5b57d9909f1454
                                                                                                                                                                                                  • Instruction Fuzzy Hash: DCB12BB1A083419FD324CF69C594A5ABBF0BFC8744F508A1DE6C897354EB75E824CB92
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _control87$FreeGlobal$ExceptionThrowfree
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2013312868-0
                                                                                                                                                                                                  • Opcode ID: 9a37c50cbf0f8bd20158b6ce6f2ca8eb67e6b50f484a3fffa8a6f1a3fa317e9e
                                                                                                                                                                                                  • Instruction ID: 83a7ddd9bcbff8d70e55b3313eb23085903a40571b0725494f0e626ead09a6c5
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9a37c50cbf0f8bd20158b6ce6f2ca8eb67e6b50f484a3fffa8a6f1a3fa317e9e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5CA14C31900608EFCB11CFA4C888FAE7BB9EF49714F204899F914AB261D739DA91CF10
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • floor.MSVCR100 ref: 6B970DDC
                                                                                                                                                                                                  • floor.MSVCR100 ref: 6B970E1C
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,OGLTR_DrawGlyphList: glyph info is null,?,00000000,?,?,?,?,?,6B97108D,?,?,?,?,00000000), ref: 6B970FD6
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • OGLTR_DrawGlyphList: glyph info is null, xrefs: 6B970FCB
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125584471.000000006B920000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125692771.000000006B9D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125730889.000000006BA14000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125756269.000000006BA16000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125781488.000000006BA17000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125806593.000000006BA18000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125831151.000000006BA19000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1A000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1D000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125903563.000000006BA40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: floor$ImplTrace
                                                                                                                                                                                                  • String ID: OGLTR_DrawGlyphList: glyph info is null
                                                                                                                                                                                                  • API String ID: 515582716-4135090480
                                                                                                                                                                                                  • Opcode ID: d94f87acc0d3d77373f1d211f573e289d8acb91db5898f581b04e8635a439c1f
                                                                                                                                                                                                  • Instruction ID: d071999ef6dbd49d57b60bb149e02282b8f883125d3f9bd7e382dc63f9841d95
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d94f87acc0d3d77373f1d211f573e289d8acb91db5898f581b04e8635a439c1f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: EF81B470608701DBC720AF24D884A9BBFF4FF85758F118968F89952294D736D961CBA3
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9A27C7
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002,?,?,0000001C), ref: 6B9A2825
                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000), ref: 6B9A28EE
                                                                                                                                                                                                  • GlobalSize.KERNEL32(?), ref: 6B9A28FA
                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 6B9A2903
                                                                                                                                                                                                  • GlobalLock.KERNEL32(?), ref: 6B9A293C
                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(?), ref: 6B9A297E
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Global$Env@8ErrorLast$CreateCurrentEventExceptionH_prolog3_catchLockObjectSingleSizeThreadThrowUnlockWait
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3776949526-0
                                                                                                                                                                                                  • Opcode ID: 66c879ef08c2d10e5689bbf0933e178bd429cacd7754bd9d2b7fb8b1a48bf140
                                                                                                                                                                                                  • Instruction ID: d249390c6d64e6fc25e0e55e41b03a95b9eb715894a43f5e5258f7d037cd8cdd
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 66c879ef08c2d10e5689bbf0933e178bd429cacd7754bd9d2b7fb8b1a48bf140
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 91516A30600605EFDB019F69C889FAEBBB9FF09705F248458F9059B261D738D985CF61
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B994B6D
                                                                                                                                                                                                  • _JNU_ClassString@4.JAVA(00000000), ref: 6B994BB3
                                                                                                                                                                                                  • _JVM_CurrentTimeMillis@8.JVM(00000000,00000000,00010002), ref: 6B994CBC
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • sun/awt/windows/WInputMethod, xrefs: 6B994C67
                                                                                                                                                                                                  • sendInputMethodEvent, xrefs: 6B994C9F
                                                                                                                                                                                                  • (IJLjava/lang/String;[I[Ljava/lang/String;[I[BIII)V, xrefs: 6B994C9A
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ClassCurrentEnv@8Millis@8String@4Time
                                                                                                                                                                                                  • String ID: (IJLjava/lang/String;[I[Ljava/lang/String;[I[BIII)V$sendInputMethodEvent$sun/awt/windows/WInputMethod
                                                                                                                                                                                                  • API String ID: 2797162521-3029828681
                                                                                                                                                                                                  • Opcode ID: 57580840961386874b3e9649dbc47d79bad4d2297d2d610acd1a430d86610032
                                                                                                                                                                                                  • Instruction ID: 8e274106ad04dec75adfda0905fce3b826779b782bd026eefd354db82eb169de
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 57580840961386874b3e9649dbc47d79bad4d2297d2d610acd1a430d86610032
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 80516D34500604EFDB63AFA4DC88DEE7BB9FF89704B248599F86586210D33AD952CF60
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _control87$??3@H_prolog3_catch
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 417898319-0
                                                                                                                                                                                                  • Opcode ID: 7c4151da1afa7cb270c43ec5cecf5c389a09d2371a76db9401d8438a954dace7
                                                                                                                                                                                                  • Instruction ID: c11401ecc8d26654cbbe70cba6e0cf599dd946ed619d95ef0a78fd33b8aee1ad
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7c4151da1afa7cb270c43ec5cecf5c389a09d2371a76db9401d8438a954dace7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 18513776900509AFDF01DFA4C888CEEBBB9FF48310F204969F515A72A0CB359A41CF60
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _control87$??3@H_prolog3_catch
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 417898319-0
                                                                                                                                                                                                  • Opcode ID: 8264a5128bb954cde262eb7b0eab38a31fe6150751e18bd6c8ae48d4be9987ae
                                                                                                                                                                                                  • Instruction ID: 6aa4e4110c0e819512902a306ffc4b90586debce715871216b176b1d8bf55c2d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8264a5128bb954cde262eb7b0eab38a31fe6150751e18bd6c8ae48d4be9987ae
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 83514671904609EFCB11CFA8D988CAEBBB5FF89310F20495AF514A62A0DB36D951CF61
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9B44C7
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002,00000030), ref: 6B9B44D7
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null target), ref: 6B9B4511
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Env@8Exception@8H_prolog3_catchNullPointerThrow
                                                                                                                                                                                                  • String ID: null pData$null target$peer
                                                                                                                                                                                                  • API String ID: 1176200671-3834951249
                                                                                                                                                                                                  • Opcode ID: 5eb2c1c1393658e4418b3aff627fe2b06b8514e99be38c43c327e710e0dc5cc6
                                                                                                                                                                                                  • Instruction ID: d889a464f31fb4fd1e2bbd32011c4ed9016eb31fcb5b6dea86b86ae4d89efd2b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5eb2c1c1393658e4418b3aff627fe2b06b8514e99be38c43c327e710e0dc5cc6
                                                                                                                                                                                                  • Instruction Fuzzy Hash: FE515771905608EFDF02DFA4C849EEEBBB6FF49300F248059F644A6260C7798A51DF61
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _control87$??3@H_prolog3_catch
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 417898319-0
                                                                                                                                                                                                  • Opcode ID: ba605443ad1bb9a7ed98e246a88ae38a93c25812e4bd70d2a21c0018f81f2511
                                                                                                                                                                                                  • Instruction ID: ffe66a57e5350273b0d6044061509a5abcc8d689f103941a8e39c09fc3bfa535
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ba605443ad1bb9a7ed98e246a88ae38a93c25812e4bd70d2a21c0018f81f2511
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CE512831804519EFCF128FA4CC88CEEBBB5FF49324F2449A9F514A6260DB369A51DF64
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9B3B9F
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002,00000030), ref: 6B9B3BAF
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,target), ref: 6B9B3BE9
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Env@8Exception@8H_prolog3_catchNullPointerThrow
                                                                                                                                                                                                  • String ID: null pData$peer$target
                                                                                                                                                                                                  • API String ID: 1176200671-218633999
                                                                                                                                                                                                  • Opcode ID: c06bff045c79e5b86ca9d7a0ffda77e80b069a54b06cf1331bb4e64da3ff12a3
                                                                                                                                                                                                  • Instruction ID: 54e751729dc773d312f0d0d2c5fe7f6f1789fc5947baf04b04a39ba592253786
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c06bff045c79e5b86ca9d7a0ffda77e80b069a54b06cf1331bb4e64da3ff12a3
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D4513671909618EFDF12DFA4C849EEEBBB5BF49300F248055F544A6260C73A8A51DF61
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9C29F6
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,00010002), ref: 6B9C2A55
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B9C2AE2
                                                                                                                                                                                                    • Part of subcall function 6B9C2807: wcschr.MSVCR100 ref: 6B9C2835
                                                                                                                                                                                                    • Part of subcall function 6B9C2452: wcschr.MSVCR100 ref: 6B9C2464
                                                                                                                                                                                                    • Part of subcall function 6B9C2452: wcslen.MSVCR100 ref: 6B9C2471
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(00000000,?,00010002), ref: 6B9C2AC5
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ??3@wcschr$Env@8Exception@8NullPointerThrowwcslen
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 1963316395-751156914
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B996282
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null font,?,00010002), ref: 6B9962EB
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B996358
                                                                                                                                                                                                    • Part of subcall function 6B9A827D: __EH_prolog3_catch.LIBCMT ref: 6B9A8284
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ??3@Env@8Exception@8H_prolog3_catchNullPointerThrow
                                                                                                                                                                                                  • String ID: null font$null pData$peer
                                                                                                                                                                                                  • API String ID: 3215036821-2400823808
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?Render@D3DVertexCacher@@QAEJH@Z.AWT(00000000,00000000,?,?,6B93623C,?,?,6B9329A5,00000008,00000100,00000100,?,?,00000001), ref: 6B9360F7
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Cacher@@Render@Vertex
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 143351990-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT ref: 6B936A3C
                                                                                                                                                                                                  • ?GetAdapterOrdinalForScreen@D3DPipelineManager@@QAEIJ@Z.AWT(?), ref: 6B936A6F
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Manager@@Pipeline$AdapterInstance@OrdinalScreen@
                                                                                                                                                                                                  • String ID: %x&%x %S (%d.%d.%d.%d)
                                                                                                                                                                                                  • API String ID: 1472660137-4060426082
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 6B98CBF0: memset.MSVCR100 ref: 6B98CC0C
                                                                                                                                                                                                    • Part of subcall function 6B98CBF0: GetModuleHandleW.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6B98D037,?,?,6B98D208,WGLGraphicsConfig_getWGLConfigInfo), ref: 6B98CC16
                                                                                                                                                                                                    • Part of subcall function 6B98CBF0: J2dTraceImpl.AWT(00000001,00000001,WGLGC_CreateScratchWindow: error registering window class), ref: 6B98CC47
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,WGLGC_CreateContext: could not create scratch window,00000000,?,?,?,?,?,?,?,6B98D2B9,?,?), ref: 6B98CF5B
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: _J2dTraceInit@0.AWT(?,6B924EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B97EA63
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EABA
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: vfprintf.MSVCR100 ref: 6B97EACB
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EAE5
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fflush.MSVCR100 ref: 6B97EAEF
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,WGLGC_CreateContext: could not get dc for scratch window,?,?,?,?,?,?,?,6B98D2B9,?,?,?,?,WGLGraphicsConfig_getWGLConfigInfo), ref: 6B98CF8C
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • WGLGC_CreateContext: error setting pixel format, xrefs: 6B98CFC3
                                                                                                                                                                                                  • WGLGC_CreateContext: could not get dc for scratch window, xrefs: 6B98CF83
                                                                                                                                                                                                  • WGLGC_CreateContext: could not create scratch window, xrefs: 6B98CF52
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Trace$Impl$fprintf$HandleInit@0Modulefflushmemsetvfprintf
                                                                                                                                                                                                  • String ID: WGLGC_CreateContext: could not create scratch window$WGLGC_CreateContext: could not get dc for scratch window$WGLGC_CreateContext: error setting pixel format
                                                                                                                                                                                                  • API String ID: 4003939408-3120687758
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _control87$Global$AllocFree
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3645382022-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9C0F55
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B9C0F98
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B9C0FD8
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B9C1010
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow$??3@Env@8
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 3243432782-751156914
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_ThrowInternalError@8.JAVA(?,Desktop shell folder missing), ref: 6B97A10A
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • Desktop shell folder missing, xrefs: 6B97A102
                                                                                                                                                                                                  • Could not parse name, xrefs: 6B97A195
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Error@8InternalThrow
                                                                                                                                                                                                  • String ID: Could not parse name$Desktop shell folder missing
                                                                                                                                                                                                  • API String ID: 3981042242-2880294790
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9CCF9F
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B9CCFCA
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B9CD00A
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B9CD058
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow$??3@Env@8
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 3243432782-751156914
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002,00000000,?), ref: 6B99EFEB
                                                                                                                                                                                                  • JNU_CallStaticMethodByName.JAVA(00000000,?,sun/awt/windows/WWindowPeer,getActiveWindowHandles,(Ljava/awt/Component;)[J,?,00010002,00000000,?), ref: 6B99F009
                                                                                                                                                                                                  • _CxxThrowException.MSVCR100(?,6B9F9388), ref: 6B99F034
                                                                                                                                                                                                    • Part of subcall function 6B99EF6C: _JNU_GetEnv@8.JAVA(00010002,-00000001,00000000,?,6B99F083,?,00000000,?,?,?,00010002,00000000,?), ref: 6B99EF7A
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • sun/awt/windows/WWindowPeer, xrefs: 6B99EFFF
                                                                                                                                                                                                  • (Ljava/awt/Component;)[J, xrefs: 6B99EFF5
                                                                                                                                                                                                  • getActiveWindowHandles, xrefs: 6B99EFFA
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Env@8$CallExceptionMethodNameStaticThrow
                                                                                                                                                                                                  • String ID: (Ljava/awt/Component;)[J$getActiveWindowHandles$sun/awt/windows/WWindowPeer
                                                                                                                                                                                                  • API String ID: 521219783-1664248972
                                                                                                                                                                                                  • Opcode ID: fddd72b3ca572106c1ea1f90f25d8a76fddb9a7d1baa3fde35aae3f801f2e931
                                                                                                                                                                                                  • Instruction ID: 5bd2f9b66a4929b829817e6ab5bac273f79128bcc8dd70a1fc1b7151ab7d5904
                                                                                                                                                                                                  • Opcode Fuzzy Hash: fddd72b3ca572106c1ea1f90f25d8a76fddb9a7d1baa3fde35aae3f801f2e931
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8B21D335900609BFDB11ABA4DC49FEFBBBCEF8A318F144495F950A7201E739E6458B60
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9AA110
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B9AA132
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B9AA172
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B9AA1AF
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow$??3@Env@8
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 3243432782-751156914
                                                                                                                                                                                                  • Opcode ID: 3a3b205c3b1aed6374fe87edc860b8879fd56ed730b3af8e3bc04b70d47e4598
                                                                                                                                                                                                  • Instruction ID: 865693294dacc30c7c157f7a4be00ece5f18a268a3f0276c3cca66577ae1cd1c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3a3b205c3b1aed6374fe87edc860b8879fd56ed730b3af8e3bc04b70d47e4598
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 47218E30604618EFCB02DFA5C889DEEBBB8FF09305B108469F9419B250DB39D942CFA5
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B996CF7
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B996D28
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B996D68
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B996D9E
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow$??3@Env@8
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 3243432782-751156914
                                                                                                                                                                                                  • Opcode ID: d548d7a5b53ebd18133f08ff42594baf958f5473c2e7f112c69fd329f371c1f2
                                                                                                                                                                                                  • Instruction ID: d586642d04e32172b28872d318c3a67fd37186a9c0c6d8e1447a918cdd97793b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d548d7a5b53ebd18133f08ff42594baf958f5473c2e7f112c69fd329f371c1f2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3C219A31104604BFDB42AF60CC49EAA7BBDEF0A7557258064F9158B250DB39EA82DFB1
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9C2C63
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B9C2C8E
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B9C2CCE
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B9C2D0F
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow$??3@Env@8
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 3243432782-751156914
                                                                                                                                                                                                  • Opcode ID: 1fa2341ecc719a9791a85d074d7021829f0d5bddd7e3ed56ce42c999b364089a
                                                                                                                                                                                                  • Instruction ID: c92b656cf22ee482b5334296c21b6deb878e467a2cf574e6649e22135bc9850b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1fa2341ecc719a9791a85d074d7021829f0d5bddd7e3ed56ce42c999b364089a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CA21A130204604FFDB159F64CC49E9E7BB9EF09355F108068F9459B250DB35D942CFA6
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B99263B
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B992672
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B9926B2
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B9926E4
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow$??3@Env@8
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 3243432782-751156914
                                                                                                                                                                                                  • Opcode ID: 827e808a82764a6f07cf9c519167e4f86d6c8d080f664581680cdf01a771317e
                                                                                                                                                                                                  • Instruction ID: fe49d0a78ca6e65196bac9d817331182ed102fe344606f3f227a05cd8f5a677a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 827e808a82764a6f07cf9c519167e4f86d6c8d080f664581680cdf01a771317e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: DC21BE34504608EFCB029FA4DC84DAE7BB9FF4A314710806AF9069B750EB35D892DF61
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9CC947
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null insets,?,00010002), ref: 6B9CC9B2
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B9CC9E2
                                                                                                                                                                                                    • Part of subcall function 6B9CB53E: _JNU_GetEnv@8.JAVA(00010002,?,00000000), ref: 6B9CB563
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Env@8$??3@Exception@8NullPointerThrow
                                                                                                                                                                                                  • String ID: null insets$null pData$peer
                                                                                                                                                                                                  • API String ID: 3336843694-1336538114
                                                                                                                                                                                                  • Opcode ID: 752ab98593bc03e7851b67f3e8dc7fbb91e22bc8ad9c27ab408da6fc9a69955c
                                                                                                                                                                                                  • Instruction ID: c099fd7506779ac0c7dee011c4bf7e3a5a39e8e2cc050a172a1b3f5be4267eca
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 752ab98593bc03e7851b67f3e8dc7fbb91e22bc8ad9c27ab408da6fc9a69955c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D9218C31104614FFCB228F65C889E8A3FB8EF4A3547108056FA459B262D739D982CBA7
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,private data), ref: 6B978989
                                                                                                                                                                                                  • _JNU_ThrowInternalError@8.JAVA(?,bad path delivery sequence), ref: 6B9789A2
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Throw$Error@8Exception@8InternalNullPointer
                                                                                                                                                                                                  • String ID: bad path delivery sequence$path segment data$private data
                                                                                                                                                                                                  • API String ID: 1693744675-460574378
                                                                                                                                                                                                  • Opcode ID: 2c30034196160ed2e7c467a88e36f6f121b153af8b0977724c93b458502cd7d2
                                                                                                                                                                                                  • Instruction ID: 9a0ecbf0d013b74584c58e613ccc085df74e4d3c09b45b8ff843cfc25aaf5e3a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2c30034196160ed2e7c467a88e36f6f121b153af8b0977724c93b458502cd7d2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8A11D231108610DFC370AA2AD688A5BFFF8BFE1714F42895DE1C522955C338E466CF62
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,private data), ref: 6B9788C9
                                                                                                                                                                                                  • _JNU_ThrowInternalError@8.JAVA(?,bad path delivery sequence), ref: 6B9788E2
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Throw$Error@8Exception@8InternalNullPointer
                                                                                                                                                                                                  • String ID: bad path delivery sequence$path segment data$private data
                                                                                                                                                                                                  • API String ID: 1693744675-460574378
                                                                                                                                                                                                  • Opcode ID: 2b04baecb028fd1ecf6eed42772466763d958962fd3419207950e1bf9e75dacd
                                                                                                                                                                                                  • Instruction ID: a1cf8e22d66cd301dff7da4f2d6a3fcfd35b38bef7c5c2d3d521f2f34289d098
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2b04baecb028fd1ecf6eed42772466763d958962fd3419207950e1bf9e75dacd
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7211D631108611DFC270BB2AE684A9BBFF4FFD5714B41886DE5C552945C338E4668F72
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9CC6D4
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B9CC6F6
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,?,00010002), ref: 6B9CC732
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B9CC772
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow$??3@Env@8
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 3243432782-751156914
                                                                                                                                                                                                  • Opcode ID: d11aa6c07ccd4c0a35025a417f5748d16552b477ea9b687e81ebe757ee73c75b
                                                                                                                                                                                                  • Instruction ID: d43e27686cc6c5c8fc9016911203483f40815d6bc40049fbb8931ffb624d7c8d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d11aa6c07ccd4c0a35025a417f5748d16552b477ea9b687e81ebe757ee73c75b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2711E631108654BFDB029F65CD49EDE7FBCEF0A755B1480A4F5809B221CB29D942CBB2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9C2D2A
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B9C2D4C
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,?,00010002), ref: 6B9C2D88
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B9C2DC0
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow$??3@Env@8
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 3243432782-751156914
                                                                                                                                                                                                  • Opcode ID: d0fe84dafffa5d7d697ff32bb8547eea4bec2efdd9ee987a7cd04c526e77c135
                                                                                                                                                                                                  • Instruction ID: 601d3471f693b2c55fdf60b55b0fa8815350c55069c65abcd1808a03e568cb2f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d0fe84dafffa5d7d697ff32bb8547eea4bec2efdd9ee987a7cd04c526e77c135
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7011B231108604BFDB129F65CC49EDA7FBCEF1A35470480A4F9408B261D739C9468BB2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B99293B
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B99295D
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,?,00010002), ref: 6B992999
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B9929D2
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow$??3@Env@8
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 3243432782-751156914
                                                                                                                                                                                                  • Opcode ID: 92689e2f0bf8208c9c0adb9ac2a6b6ad3117c747a46bd0397b247eac9ba1b2ab
                                                                                                                                                                                                  • Instruction ID: fdbaff0f21342795f6ae3e25e033780179f8445756fdb629c70120be7c9f2785
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 92689e2f0bf8208c9c0adb9ac2a6b6ad3117c747a46bd0397b247eac9ba1b2ab
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 81110131104608BFDB52AF65CD49E9E7BBDEF0A348B048064F5449B261CB39DC42CBB5
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9CC89B
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B9CC8BD
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,?,00010002), ref: 6B9CC8F9
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B9CC92B
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow$??3@Env@8
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 3243432782-751156914
                                                                                                                                                                                                  • Opcode ID: b611e90b7f51524ab9f11371b956bd012dc694fc2a16c10b5bc029b76ddfe6f5
                                                                                                                                                                                                  • Instruction ID: 4cdd5612f626a8ccffd2a8ae59afaea11cbf22072c192e34ebf0ddf6f0f88884
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b611e90b7f51524ab9f11371b956bd012dc694fc2a16c10b5bc029b76ddfe6f5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4811BF31108604BFCB069F64C849EAF7FBCEF0A25530580A4F5858B222DB29D9428BA6
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9967E4
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B996804
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,?,00010002), ref: 6B996840
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B996876
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow$??3@Env@8
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 3243432782-751156914
                                                                                                                                                                                                  • Opcode ID: aee31ed9d85cacb25d14d8a0680518411746450eee65a89db04c27f909a76cd3
                                                                                                                                                                                                  • Instruction ID: dbf33a16412e1c6298ad9faee85194995b146b801646ac70b514ac31e555ff2b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: aee31ed9d85cacb25d14d8a0680518411746450eee65a89db04c27f909a76cd3
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7A11B231104A04FFDB52AF66CC49E9E7BBCEF0A759B148064F5419B221C739D942CBA5
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • FormatMessageW.KERNEL32(00001300,00000000,?,00000400,?,00000000,00000000), ref: 6B9A0CEF
                                                                                                                                                                                                  • lstrlenW.KERNEL32(00000000), ref: 6B9A0CFC
                                                                                                                                                                                                  • LocalAlloc.KERNEL32(00000000,00000040), ref: 6B9A0D2F
                                                                                                                                                                                                  • swprintf_s.MSVCR100 ref: 6B9A0D60
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AllocFormatLocalMessagelstrlenswprintf_s
                                                                                                                                                                                                  • String ID: IDispatch error #%d$Unknown error 0x%0lX
                                                                                                                                                                                                  • API String ID: 3712830507-2934499512
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9B4D18
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B9B4D3A
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,?,00010002), ref: 6B9B4D76
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B9B4DA8
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow$??3@Env@8
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 3243432782-751156914
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9926FF
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B992721
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,?,00010002), ref: 6B99275D
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B99278F
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow$??3@Env@8
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 3243432782-751156914
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000,?), ref: 6B9A2FCE
                                                                                                                                                                                                  • GlobalSize.KERNEL32(6B9C5CA6), ref: 6B9A2FD3
                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 6B9A2FDE
                                                                                                                                                                                                  • GlobalLock.KERNEL32(6B9C5CA6), ref: 6B9A2FF4
                                                                                                                                                                                                  • memcmp.MSVCR100(00000000,00000000,00000004), ref: 6B9A3001
                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(6B9C5CA6), ref: 6B9A3013
                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000), ref: 6B9A301D
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ErrorGlobalLast$LockSizeUnlockmemcmp
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2919260238-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9CA565
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                    • Part of subcall function 6B9CA2D5: __EH_prolog3_catch.LIBCMT ref: 6B9CA2DC
                                                                                                                                                                                                    • Part of subcall function 6B9CA2D5: _JNU_ThrowInternalError@8.JAVA(?,Could not get display mode constructor), ref: 6B9CA30F
                                                                                                                                                                                                  • _JNU_ThrowInternalError@8.JAVA(?,Could not get method java.util.ArrayList.add()), ref: 6B9CA5A9
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • Could not get class java.util.ArrayList, xrefs: 6B9CA5A3
                                                                                                                                                                                                  • Could not get method java.util.ArrayList.add(), xrefs: 6B9CA5D2
                                                                                                                                                                                                  • (Ljava/lang/Object;)Z, xrefs: 6B9CA5B6
                                                                                                                                                                                                  • add, xrefs: 6B9CA5BB
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                   • Associated: 00000009.00000002.2125584471.000000006B920000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                   • Associated: 00000009.00000002.2125692771.000000006B9D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                   • Associated: 00000009.00000002.2125730889.000000006BA14000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                   • Associated: 00000009.00000002.2125756269.000000006BA16000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                   • Associated: 00000009.00000002.2125781488.000000006BA17000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                   • Associated: 00000009.00000002.2125806593.000000006BA18000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                   • Associated: 00000009.00000002.2125831151.000000006BA19000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                   • Associated: 00000009.00000002.2125859096.000000006BA1A000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                   • Associated: 00000009.00000002.2125859096.000000006BA1D000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                   • Associated: 00000009.00000002.2125903563.000000006BA40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Throw$Error@8H_prolog3_catchInternal$CreateCurrentEnv@8EventExceptionObjectSingleThreadWait
                                                                                                                                                                                                  • String ID: (Ljava/lang/Object;)Z$Could not get class java.util.ArrayList$Could not get method java.util.ArrayList.add()$add
                                                                                                                                                                                                  • API String ID: 2269077184-2922031720
                                                                                                                                                                                                  • Opcode ID: 5c141963bad7a5a55a7cf16683d5af4ce5b42c31d60e5744cf6b7380f05c022d
                                                                                                                                                                                                  • Instruction ID: dfebdc18453426548925dec565f4f4331f3a6ba6c20016b201b8554764a11c6c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5c141963bad7a5a55a7cf16683d5af4ce5b42c31d60e5744cf6b7380f05c022d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 03018C71200554BBCB11AFB58C09F9F3BB9AF5621AF148048FD509A201CB3ECA12DF67
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • memset.MSVCR100 ref: 6B98CC0C
                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6B98D037,?,?,6B98D208,WGLGraphicsConfig_getWGLConfigInfo), ref: 6B98CC16
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,WGLGC_CreateScratchWindow: error registering window class), ref: 6B98CC47
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: _J2dTraceInit@0.AWT(?,6B924EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B97EA63
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EABA
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: vfprintf.MSVCR100 ref: 6B97EACB
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EAE5
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fflush.MSVCR100 ref: 6B97EAEF
                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,6B98D037,?,?,6B98D208,WGLGraphicsConfig_getWGLConfigInfo), ref: 6B98CC61
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: HandleModuleTracefprintf$ImplInit@0fflushmemsetvfprintf
                                                                                                                                                                                                  • String ID: Tmp$WGLGC_CreateScratchWindow: error registering window class
                                                                                                                                                                                                  • API String ID: 803271967-4235559906
                                                                                                                                                                                                  • Opcode ID: 9c3b0bff1940efaa7a5eb19fdb65c15a4018b52c7b1b980a2cf42a36aab2438e
                                                                                                                                                                                                  • Instruction ID: 4c212e334e768a7ac25dbe6c8940486b0d0585b3f01aba561a2214b1aab2479d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9c3b0bff1940efaa7a5eb19fdb65c15a4018b52c7b1b980a2cf42a36aab2438e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F801DB7494C300BBF660A7658C47F863B94AF8A704FA4C90DF648752C0D6B4E19587AA
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9BCF47
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                    • Part of subcall function 6B9B94D6: __EH_prolog3_catch.LIBCMT ref: 6B9B94DD
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: H_prolog3_catch$CreateCurrentEnv@8EventExceptionObjectSingleThreadThrowWait
                                                                                                                                                                                                  • String ID: (J)V$Ljava/awt/print/PrinterJob;$pjob$setHWnd$sun/awt/windows/WPrintDialogPeer
                                                                                                                                                                                                  • API String ID: 1199141719-1767194895
                                                                                                                                                                                                  • Opcode ID: 84bc24aa13956aff3704a22aacf5b115f92dce0d764a60c8e9b9e3c6f53df9c6
                                                                                                                                                                                                  • Instruction ID: f46669f3769494f3fe834ab46ae3ae09a082986b3d9da14a618ca5a6375753ec
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 84bc24aa13956aff3704a22aacf5b115f92dce0d764a60c8e9b9e3c6f53df9c6
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3DF0AF34248611ABEB009F71C945F8A7BB8AF14229B20C099F8509A241CF3DD641CFB6
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: mallocmemcpyrealloc
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2329886776-0
                                                                                                                                                                                                  • Opcode ID: 6cbc64b9252f1ff3cd304c48a48df3c77813e127af0991eb67520da819c61f65
                                                                                                                                                                                                  • Instruction ID: f5ff0f3b90938538fbba45e38b5898bf0cf197462b8ad1903eaee6999b86ccd8
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6cbc64b9252f1ff3cd304c48a48df3c77813e127af0991eb67520da819c61f65
                                                                                                                                                                                                  • Instruction Fuzzy Hash: FCE15470A083819FD320AF29C48865ABBE5FFD9758F51892DE49587312E738E944CF92
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9A8917
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002,00000040,6B9902B8,?,?,?,00000000,00000000,00000000,?,6B9A8D86,00000000,00000000,?,00000000), ref: 6B9A893C
                                                                                                                                                                                                  • cos.MSVCR100 ref: 6B9A8C22
                                                                                                                                                                                                  • sin.MSVCR100 ref: 6B9A8C33
                                                                                                                                                                                                  • floor.MSVCR100 ref: 6B9A8C4A
                                                                                                                                                                                                  • floor.MSVCR100 ref: 6B9A8C64
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: floor$Env@8H_prolog3_catch
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3293856499-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9A6144
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002,00000014), ref: 6B9A6166
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • wcslen.MSVCR100 ref: 6B9A62BA
                                                                                                                                                                                                  • _CxxThrowException.MSVCR100(?,6B9F9388), ref: 6B9A62E8
                                                                                                                                                                                                  • memset.MSVCR100 ref: 6B9A63A2
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B9A63BC
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Env@8ExceptionThrow$??3@CreateCurrentEventH_prolog3_catchObjectSingleThreadWaitmemsetwcslen
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 228569318-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9A4876
                                                                                                                                                                                                  • qsort.MSVCR100 ref: 6B9A48DA
                                                                                                                                                                                                  • memcpy.MSVCR100(?,?,00000014), ref: 6B9A4A0E
                                                                                                                                                                                                  • _CxxThrowException.MSVCR100(?,6B9F9388), ref: 6B9A4A59
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002,?,?,00000001,?,6B9F9388), ref: 6B9A4A76
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B9A4A80
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Env@8$ExceptionThrowfreememcpyqsort
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 872961485-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002,?,00010002), ref: 6B9C07D8
                                                                                                                                                                                                  • GetSystemMetrics.USER32(0000002D), ref: 6B9C07F9
                                                                                                                                                                                                  • GetSystemMetrics.USER32(0000002E), ref: 6B9C0805
                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000003), ref: 6B9C084D
                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000002), ref: 6B9C0873
                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000003), ref: 6B9C0890
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: MetricsSystem$Env@8
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2091889503-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9BE386
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 6B9BE3CD
                                                                                                                                                                                                  • _control87.MSVCR100 ref: 6B9BE3FB
                                                                                                                                                                                                  • _control87.MSVCR100 ref: 6B9BE42B
                                                                                                                                                                                                  • _control87.MSVCR100 ref: 6B9BE439
                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 6B9BE43E
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _control87$Global$CreateCurrentEnv@8EventExceptionH_prolog3_catchLockObjectSingleThreadThrowUnlockWait
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3921025165-0
                                                                                                                                                                                                  • Opcode ID: 3f0842c8090e3f5f2bfa481600861fbce9e77935ea4e9d8b1b6e8bbdb2351686
                                                                                                                                                                                                  • Instruction ID: f2d432b7f57b6971c0db5840a3b2ecbde42197290bcf463316c3cc24c9cfd0bb
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3f0842c8090e3f5f2bfa481600861fbce9e77935ea4e9d8b1b6e8bbdb2351686
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 94310431904709AFEF049F60DC82FAF37B9EF05728F108494FA146A2D1DB79E5149B61
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 6B9B8458: ??3@YAXPAX@Z.MSVCR100(00000000,?,?,6B9B8647,00000000,?,00000000,?,00000000), ref: 6B9B84C7
                                                                                                                                                                                                  • memcmp.MSVCR100(?,00000800,?,00000000,00000000,?,00000000), ref: 6B9B8670
                                                                                                                                                                                                  • memcpy.MSVCR100(00000800,?,?,00000000,00000000,?,00000000), ref: 6B9B869F
                                                                                                                                                                                                  • getenv.MSVCR100 ref: 6B9B86D6
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B9B878A
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ??3@freegetenvmemcmpmemcpy
                                                                                                                                                                                                  • String ID: FORCEGRAY
                                                                                                                                                                                                  • API String ID: 3417348503-2223498313
                                                                                                                                                                                                  • Opcode ID: 824adc206ab2d7b1040b1f547c092a84b470b1c63bf1af6335e4a53b79e5d214
                                                                                                                                                                                                  • Instruction ID: 34022690f82f18e7d1508b6598d71cd521c6d103ee842f41729a6d2b3555112d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 824adc206ab2d7b1040b1f547c092a84b470b1c63bf1af6335e4a53b79e5d214
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3C510072A047059BE7258F78C8C5BABB3EDBB89318F10456EE066C3291EF38E544CB11
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B94D044
                                                                                                                                                                                                  • _JNU_ThrowArrayIndexOutOfBoundsException@8.JAVA(?,coordinate array), ref: 6B94D055
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,coordinate array), ref: 6B94D062
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8Throw$ArrayBoundsIndexNullPointerfree
                                                                                                                                                                                                  • String ID: coordinate array
                                                                                                                                                                                                  • API String ID: 1155453800-4287150100
                                                                                                                                                                                                  • Opcode ID: 5edf7dc5c5932aee560a52e3e1d15ed67a17c51740bd120817ecef1f483f37c3
                                                                                                                                                                                                  • Instruction ID: 76f85c4a1cbae924941cc3a68683f4720e7cd114fe72516cc70113c790fd6162
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5edf7dc5c5932aee560a52e3e1d15ed67a17c51740bd120817ecef1f483f37c3
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CA513A75208745AFD325DF59C884EABB3EDAFCA704F10491CF58983340DB39E9028BA6
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B94CA3C
                                                                                                                                                                                                  • _JNU_ThrowArrayIndexOutOfBoundsException@8.JAVA(?,coordinate array), ref: 6B94CA4D
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,coordinate array), ref: 6B94CA5A
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8Throw$ArrayBoundsIndexNullPointerfree
                                                                                                                                                                                                  • String ID: coordinate array
                                                                                                                                                                                                  • API String ID: 1155453800-4287150100
                                                                                                                                                                                                  • Opcode ID: 0cf4259e81245e94293b097fdf3c020906fd4c6de420ed679f4a3c00f29662fc
                                                                                                                                                                                                  • Instruction ID: d3e3f8cd06af55ddcf3baa5e5bf1483906dc1df8175bfb10f1768eb46c98655d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0cf4259e81245e94293b097fdf3c020906fd4c6de420ed679f4a3c00f29662fc
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 88516C71209741AFC325DF59C884EABB7F9AFC9604F11851CF58883241DB35E909CBA6
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9CC561
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B9CC583
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B9CC5C8
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow$Env@8
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2682551001-751156914
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002,00000001,?,00000000), ref: 6B994940
                                                                                                                                                                                                  • memset.MSVCR100 ref: 6B99495E
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Env@8memset
                                                                                                                                                                                                  • String ID: (I)I$getExtendedKeyCodeForChar$sun/awt/ExtendedKeyCodes
                                                                                                                                                                                                  • API String ID: 129995948-2418500830
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9C852A
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData), ref: 6B9C8596
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B9C8674
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ??3@Env@8Exception@8NullPointerThrow
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2303478036-751156914
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 6B97B3AE: malloc.MSVCR100 ref: 6B97B3B6
                                                                                                                                                                                                    • Part of subcall function 6B97B3AE: _SurfaceData_SetOps@12.AWT(?,?,00000000,?,6B924C2A,?,?,0000004C), ref: 6B97B3C7
                                                                                                                                                                                                    • Part of subcall function 6B97B3AE: memset.MSVCR100 ref: 6B97B3D6
                                                                                                                                                                                                  • _JNU_ThrowOutOfMemoryError@8.JAVA(?,Initialization of SurfaceData failed.), ref: 6B94EB18
                                                                                                                                                                                                  • InterlockedIncrement.KERNEL32(6BA1BE78), ref: 6B94EB28
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • Initialization of SurfaceData failed., xrefs: 6B94EB12
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Data_Error@8IncrementInterlockedMemoryOps@12SurfaceThrowmallocmemset
                                                                                                                                                                                                  • String ID: Initialization of SurfaceData failed.
                                                                                                                                                                                                  • API String ID: 3793303029-1683995780
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B98E100
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • _CxxThrowException.MSVCR100(?,6B9F9388), ref: 6B98E19E
                                                                                                                                                                                                  • wcslen.MSVCR100 ref: 6B98E1B9
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,00000006,00000000,00000004,00000000,?,?,?,00000006,00000000,00000004,00000000,00000000,?,?), ref: 6B98E20B
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125584471.000000006B920000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125692771.000000006B9D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125730889.000000006BA14000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125756269.000000006BA16000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125781488.000000006BA17000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125806593.000000006BA18000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125831151.000000006BA19000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1A000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1D000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125903563.000000006BA40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionThrow$??3@CreateCurrentEnv@8EventH_prolog3_catchObjectSingleThreadWaitwcslen
                                                                                                                                                                                                  • String ID: java/lang/String
                                                                                                                                                                                                  • API String ID: 877327205-1252039224
                                                                                                                                                                                                  • Opcode ID: 99e576bf36c3ea65ebd0e59c9b5872bca1046083ed054e92a774893707430335
                                                                                                                                                                                                  • Instruction ID: 85356fbae27e0484061f70d3e532c1bdcac251a15cf6cbeca03a50e23c4a8a73
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 99e576bf36c3ea65ebd0e59c9b5872bca1046083ed054e92a774893707430335
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 89415976C00209AFDB11DFA4C885DEFBBB8EF19354F10846AE915B7241D7399A458FA0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9B8D2F
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,00010002), ref: 6B9B8E0C
                                                                                                                                                                                                  • _CxxThrowException.MSVCR100(?,6B9F9388), ref: 6B9B8E2F
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ??3@Env@8ExceptionThrow
                                                                                                                                                                                                  • String ID: isTrayIconPopup$java/awt/PopupMenu
                                                                                                                                                                                                  • API String ID: 3284872361-3353372021
                                                                                                                                                                                                  • Opcode ID: 4a9715731fb77f65a09cb5c43b8ac174b24a20ae7587eee2ebc090e9371b177d
                                                                                                                                                                                                  • Instruction ID: a7e94f94e1f862099b94b2bacf10dc404e32af96b05b021bd710613ff3df10d9
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4a9715731fb77f65a09cb5c43b8ac174b24a20ae7587eee2ebc090e9371b177d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 72317A71110611AFCB599FA4C889CAEBBBDFF9A315350886AF94587201CB38D982CF60
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_ThrowArrayIndexOutOfBoundsException@8.JAVA(?,band array), ref: 6B97AF41
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ArrayBoundsException@8IndexThrow
                                                                                                                                                                                                  • String ID: alpha tile array$band array
                                                                                                                                                                                                  • API String ID: 540364022-1923403480
                                                                                                                                                                                                  • Opcode ID: c544584db8ddab1f0afac1d1c679a8697cbc4ae4584a7d15eef1348e8a945bd3
                                                                                                                                                                                                  • Instruction ID: 121c0eb33faeaf2c6f3121bd544122c9708dc8e3abb1fa0a127bd39c3336bee9
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c544584db8ddab1f0afac1d1c679a8697cbc4ae4584a7d15eef1348e8a945bd3
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 62314971100109EFDB229FA4CC89EDE3BF9EF09304F204164F9589A150C739E9619FA5
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9B26D3
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,null AWTEvent,?,?,?,?,00000028), ref: 6B9B26FB
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Throw$CreateCurrentEnv@8EventExceptionException@8H_prolog3_catchNullObjectPointerSingleThreadWait
                                                                                                                                                                                                  • String ID: null AWTEvent$null pData$peer
                                                                                                                                                                                                  • API String ID: 608574450-3067571255
                                                                                                                                                                                                  • Opcode ID: 1a172b800ac20d55f2f9c09949d3bcc00fdeccf6cebe9123edae869edd174f98
                                                                                                                                                                                                  • Instruction ID: 2cf97769eb092493d8673de7a91de8a3f24e092184dbce8ca00b68571a6b349d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1a172b800ac20d55f2f9c09949d3bcc00fdeccf6cebe9123edae869edd174f98
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 39319A31205604AFDB129F64C889FAF3BB9FF1A705F108498F5409A261C739D902CF6A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9968A3
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B9968BE
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B996901
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow$Env@8
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2682551001-751156914
                                                                                                                                                                                                  • Opcode ID: 86d7e6a36609a7ae2a03692bbf1fa8a943fb26ec1579186bb9404fb158f5dc05
                                                                                                                                                                                                  • Instruction ID: ebb3c5305da1a32ff7b23b056d88445c514136738f558f4c7034110583c110e5
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 86d7e6a36609a7ae2a03692bbf1fa8a943fb26ec1579186bb9404fb158f5dc05
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B8315E30908608EFCB41EFA5D989EEEBBB8AF09745F548094F441E7241D738D942CBB5
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9B6B33
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002,00000018), ref: 6B9B6B43
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData), ref: 6B9B6B7A
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Env@8Exception@8H_prolog3_catchNullPointerThrow
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 1176200671-751156914
                                                                                                                                                                                                  • Opcode ID: a66abf194d024619cbf8f49947cc41ea166885f899493077c4fb5e1d05d9fc13
                                                                                                                                                                                                  • Instruction ID: f079ac695fe5db4b4b43d73f8d155513fd080db458cf2dca6587aa2a615e5fff
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a66abf194d024619cbf8f49947cc41ea166885f899493077c4fb5e1d05d9fc13
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BD318E30909614EFCF019FB8C889DDEBBB5BF0A304F5084A9F5459B250CB39DA41DB55
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B996023
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData), ref: 6B996091
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B9960EA
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ??3@Env@8Exception@8NullPointerThrow
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2303478036-751156914
                                                                                                                                                                                                  • Opcode ID: 5be8c0229cda1bd40b16026d7cddd8c77dedd4e9e0e8c7d12b4a77b3dbc0f233
                                                                                                                                                                                                  • Instruction ID: a914cac021fb00f0a906625b32931d8beaca64d6913bae8384351429df801a0a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5be8c0229cda1bd40b16026d7cddd8c77dedd4e9e0e8c7d12b4a77b3dbc0f233
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A731BD30604204EFDB41DFA9C985EAE7BB9EF4A344B108069F906A7350E735E951DF61
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9C81E8
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,00010002), ref: 6B9C823F
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B9C8296
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ??3@Env@8Exception@8NullPointerThrow
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2303478036-751156914
                                                                                                                                                                                                  • Opcode ID: b1cc9d0828bdb38fe356ad89d80769bbc59820c2b2786c68614fee113ebc2067
                                                                                                                                                                                                  • Instruction ID: 67c3a2caee56abfdf621d8a6c1107162f81a95f0a8eb5d0c5e30b75253864ff2
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b1cc9d0828bdb38fe356ad89d80769bbc59820c2b2786c68614fee113ebc2067
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 98218C30100904AFDB169FA4C98DEAF7BF9EF4A359B1440A8F94597220DB39D9428B63
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9B8AC5
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002,00000010), ref: 6B9B8AD5
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null target), ref: 6B9B8B23
                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000), ref: 6B9B8B52
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Env@8ErrorException@8H_prolog3_catchLastNullPointerThrow
                                                                                                                                                                                                  • String ID: null target
                                                                                                                                                                                                  • API String ID: 3644746280-2084975241
                                                                                                                                                                                                  • Opcode ID: c0b91d71b7ec81ea73993f04763b1c431a3d54a540f5c63dc2fc4a2359031be3
                                                                                                                                                                                                  • Instruction ID: a5e8237baf35b813b7e270e528d9f563338afc59d58fe1c46a3f7ce3fba08def
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c0b91d71b7ec81ea73993f04763b1c431a3d54a540f5c63dc2fc4a2359031be3
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 07317E70905606EFDB059FB9C8C9A9EBBB4AF09304F508469F545E7250D778CA41CFA1
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9CC483
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B9CC49D
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B9CC4E0
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow$Env@8
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2682551001-751156914
                                                                                                                                                                                                  • Opcode ID: fb9d0853460409a3fc63101a1972a7678812e9cddbd6b0ee2f3e6f180f3d7fe4
                                                                                                                                                                                                  • Instruction ID: dd0296cdc60194a7e92db0d19b105f65d5bc18230e8e30dac83114f372ab730d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: fb9d0853460409a3fc63101a1972a7678812e9cddbd6b0ee2f3e6f180f3d7fe4
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D821B331908204FFCF12AFA4C889DAE7FB9EF49305B508469F50196120D739CA82DFA3
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9963FA
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B996414
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B996459
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow$Env@8
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2682551001-751156914
                                                                                                                                                                                                  • Opcode ID: cd9fd9d1c1ef641a264b4443a07c35da7439a9d8f5f8d694c47d7faa7bad5da3
                                                                                                                                                                                                  • Instruction ID: ef56f93b3052eadb671276cb6021931fdab68bc7ec34fec67aa380e41968e8dc
                                                                                                                                                                                                  • Opcode Fuzzy Hash: cd9fd9d1c1ef641a264b4443a07c35da7439a9d8f5f8d694c47d7faa7bad5da3
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6F21BE30108A00BFCB92AFA4CC49F9E7BB9FF4A315F588454F48486661C739D892CFA5
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: freeprintf
                                                                                                                                                                                                  • String ID: %x
                                                                                                                                                                                                  • API String ID: 3279332061-491753007
                                                                                                                                                                                                  • Opcode ID: 4fd7451f36d4e8ad0a9f3923cce13d040ee7852f1fa3b485489cba9e81790b97
                                                                                                                                                                                                  • Instruction ID: 875359b764e09f01bf5e6f70d3b25b500bb955ddf10ae6e4c782412539696172
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4fd7451f36d4e8ad0a9f3923cce13d040ee7852f1fa3b485489cba9e81790b97
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B1216D75A18304ABDB10DB68C891E6FB3F5ABC9708F048819FA8593340D7B5EC518BA2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9961C4
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,00010002), ref: 6B996219
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B996264
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ??3@Env@8Exception@8NullPointerThrow
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2303478036-751156914
                                                                                                                                                                                                  • Opcode ID: 523b55cbebebc54741fa966592e0fd634884608aaa1b9d27ff4fd32c5990f0c7
                                                                                                                                                                                                  • Instruction ID: 7743a6e1240c66f039171d26d645ee0e16494c41f2b18dcc2d757f7297e230f3
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 523b55cbebebc54741fa966592e0fd634884608aaa1b9d27ff4fd32c5990f0c7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0B21E130104510AFDB56DF55CC49DAE3BB9EF8A30670480A9F5428B261C738D942CBA0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B996107
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,00010002), ref: 6B99615C
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B9961A7
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125584471.000000006B920000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125692771.000000006B9D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125730889.000000006BA14000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125756269.000000006BA16000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125781488.000000006BA17000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125806593.000000006BA18000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125831151.000000006BA19000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1A000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1D000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125903563.000000006BA40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ??3@Env@8Exception@8NullPointerThrow
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2303478036-751156914
                                                                                                                                                                                                  • Opcode ID: 6298587bdb8d945a0182b58d026da0f7a8e5549f3834057f3a5d8702e152079d
                                                                                                                                                                                                  • Instruction ID: 03bd8a6673bc8f42a1235247a51676eef0da0fe85d1a9106a58103fd11739e9d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6298587bdb8d945a0182b58d026da0f7a8e5549f3834057f3a5d8702e152079d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0C21B130104520AFDB56DF55DD49DAE3BF9EF8A34271480A9F5428B361C738E942DBA0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9B64CD
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B9B6519
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Env@8Exception@8NullPointerThrow
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 3854714648-751156914
                                                                                                                                                                                                  • Opcode ID: ce468e291852823fc712a4b072be8d42858d7dc24e91fe5eaa921dd83db63d96
                                                                                                                                                                                                  • Instruction ID: e88af617ff82fd1ac9ecc80e75a553b9425a7616f4fd29a6ad139ad0448099e8
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ce468e291852823fc712a4b072be8d42858d7dc24e91fe5eaa921dd83db63d96
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E411BE31209614BFCB625FB88C49E8BBBBCEF4A3157008424F945CA110D779DA12CBB5
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9C0A6B
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,00010002), ref: 6B9C0AD5
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B9C0B05
                                                                                                                                                                                                    • Part of subcall function 6B9C07C3: _JNU_GetEnv@8.JAVA(00010002,?,00010002), ref: 6B9C07D8
                                                                                                                                                                                                    • Part of subcall function 6B9C07C3: GetSystemMetrics.USER32(0000002D), ref: 6B9C07F9
                                                                                                                                                                                                    • Part of subcall function 6B9C07C3: GetSystemMetrics.USER32(0000002E), ref: 6B9C0805
                                                                                                                                                                                                    • Part of subcall function 6B9C07C3: GetSystemMetrics.USER32(00000003), ref: 6B9C0890
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: MetricsSystem$Env@8$??3@Exception@8NullPointerThrow
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 860580581-751156914
                                                                                                                                                                                                  • Opcode ID: ef806a733e853c46eb6d0a1e785f6f0991791190ba88776074b19350fae6b8da
                                                                                                                                                                                                  • Instruction ID: fa98a63cb8db53cb82dc6edf0a1aefe9c2825cc00d16c41a5e3f5bfeaf2e6267
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ef806a733e853c46eb6d0a1e785f6f0991791190ba88776074b19350fae6b8da
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 89219071504205FFDB02DFA8C889EAE7BB9FF49704B118069F91997210E735D941DF62
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9C834E
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,00010002), ref: 6B9C83A8
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,00000000,?,00010002), ref: 6B9C83DF
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ??3@Env@8Exception@8NullPointerThrow
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2303478036-751156914
                                                                                                                                                                                                  • Opcode ID: bd24f446204a9f97ea6914fae96c70514204aa1fbc115f49bdba320c53dc6ded
                                                                                                                                                                                                  • Instruction ID: 0b0fe6b4c2583a79f088b171bdf121c6c9434d488c3291f80b4b519837819502
                                                                                                                                                                                                  • Opcode Fuzzy Hash: bd24f446204a9f97ea6914fae96c70514204aa1fbc115f49bdba320c53dc6ded
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1811AC31104684BFDB169B64CC89EAF3BB89F4A314B048095FA409A241D739CA42CB63
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9C013B
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,00010002), ref: 6B9C0197
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B9C01C7
                                                                                                                                                                                                    • Part of subcall function 6B9C00D5: memset.MSVCR100 ref: 6B9C00F0
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ??3@Env@8Exception@8NullPointerThrowmemset
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 1994468149-751156914
                                                                                                                                                                                                  • Opcode ID: 7e253ed5f1cebe6af6bdc2ef02befc351a683d2373418fb1065f01cd2e53e8ff
                                                                                                                                                                                                  • Instruction ID: c888da45d455cc75010c4abc5a46d951db8c5fbdd115743a40c47dbec0a2900e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7e253ed5f1cebe6af6bdc2ef02befc351a683d2373418fb1065f01cd2e53e8ff
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3A118BB0604614BFDB019F64CC89E9FBBBDEF09355B118068F9049B250D739DD82CBA2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9C2BB0
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B9C2BCE
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B9C2C0A
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow$Env@8
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2682551001-751156914
                                                                                                                                                                                                  • Opcode ID: 456c6d4f46f70b41733c1abe42059cdc63798c508eda51a7b17c6e00ecbb6b09
                                                                                                                                                                                                  • Instruction ID: 7d69ccc673605cacee7d8d86f72ceb0004f286868ff44fb3ad9cdc8e82cea38d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 456c6d4f46f70b41733c1abe42059cdc63798c508eda51a7b17c6e00ecbb6b09
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 10118E31144604BFDB129F65CD4AEAF7BBCEF09355B1080A4F9019B261D739DE428BA6
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9C2AFE
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B9C2B1C
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B9C2B58
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow$Env@8
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2682551001-751156914
                                                                                                                                                                                                  • Opcode ID: fcff0b91ba3efd1ffc9f11e97db6fd174e6bd524122e09deb07e30dd5b2b8a6a
                                                                                                                                                                                                  • Instruction ID: 4e9cda9fd250d3516313aa395361abf4e6e024b664fba1ff8f2c22e5d66d0e02
                                                                                                                                                                                                  • Opcode Fuzzy Hash: fcff0b91ba3efd1ffc9f11e97db6fd174e6bd524122e09deb07e30dd5b2b8a6a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BB119031108604BFDB029F65CC49FAE7BBCEF0A355B108068F9049B250CB39DD428BA6
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9966AF
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B9966D0
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B99670C
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow$Env@8
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2682551001-751156914
                                                                                                                                                                                                  • Opcode ID: ce1bcb7f4d5494d29bfd5d02056e2297af49dbce75dc5077be6378b1710c6bac
                                                                                                                                                                                                  • Instruction ID: e846f9dd7f19ec338acdb9d298816e0d93e674f5ad3d829646ba13de2ff649d8
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ce1bcb7f4d5494d29bfd5d02056e2297af49dbce75dc5077be6378b1710c6bac
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2611CE70209614AFD751AF28EC89DAE7BFCEF4A355B154469F041C7220DB29DD42CBB2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B992A85
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B992AA0
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B992ADC
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow$Env@8
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2682551001-751156914
                                                                                                                                                                                                  • Opcode ID: 73a722da78857a44079ef69e3df5a825e5a1480150a9cbe26074235c6bfdcbfa
                                                                                                                                                                                                  • Instruction ID: d084e4d39aac32b829aa6deb355e7c688e8e7890983239b753150ea458cbb9ee
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 73a722da78857a44079ef69e3df5a825e5a1480150a9cbe26074235c6bfdcbfa
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2D11E331248A00FFD752AF65CC49F9A7BBCEF0A715F154064F5409B691C738D842CB65
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9965F1
                                                                                                                                                                                                    • Part of subcall function 6B993B9F: GetCurrentThreadId.KERNEL32 ref: 6B993B9F
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer,?,00010002), ref: 6B996616
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,00010002), ref: 6B996652
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow$CurrentEnv@8Thread
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 3388503201-751156914
                                                                                                                                                                                                  • Opcode ID: 7acc58a7083ea5918d535887acbc3e7318ab72547dee997a21f7cff02a816a60
                                                                                                                                                                                                  • Instruction ID: 85e3b226369496776924d8efa6b05f8ca8401a56b31cf2f67eeaff6d526ea0f4
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7acc58a7083ea5918d535887acbc3e7318ab72547dee997a21f7cff02a816a60
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 29119131108600BFDB826F25EC49E9A7BBDEF4B355B498065F54496520CB39D882CFA9
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9B499C
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,00010002), ref: 6B9B49F0
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B9B4A20
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ??3@Env@8Exception@8NullPointerThrow
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2303478036-751156914
                                                                                                                                                                                                  • Opcode ID: a853c9816827c036cb9ecdf32714ad8ead3cc8d802a8f3c7f625a9e5137c981c
                                                                                                                                                                                                  • Instruction ID: 0f3502477e2d6b4d05be345f4d35c4c2c01ddb17c0012af5d9cf682d58606463
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a853c9816827c036cb9ecdf32714ad8ead3cc8d802a8f3c7f625a9e5137c981c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8C11AC31144510AFCB128B228D09EAB7BBCEF877057024068F9849B251CB3AC842DFB5
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B99699D
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B9969BA
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B9969F6
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow$Env@8
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2682551001-751156914
                                                                                                                                                                                                  • Opcode ID: 301b66a24f94c8bcc1ff586b30bdd941441ae0ceb8be7cff6aba0103b3c3c055
                                                                                                                                                                                                  • Instruction ID: 6b1eba0a7d55eef98c20ae112c8e3a0a0b8ab05d001f6ca95e924dbd8a5b3818
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 301b66a24f94c8bcc1ff586b30bdd941441ae0ceb8be7cff6aba0103b3c3c055
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9211C431146514AFC752AF66DC09EDA7BBCEF4634971B8065F44097211CB29D882CBB5
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B990FEC
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,00010002), ref: 6B991047
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B991068
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ??3@Env@8Exception@8NullPointerThrow
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2303478036-751156914
                                                                                                                                                                                                  • Opcode ID: 0fae5dafcba20deb2fdeb2fa6f5b162277cc768618faa3f673180d069aa6bad1
                                                                                                                                                                                                  • Instruction ID: f433436c57ff1bb5b35382b697626bbb873644e7b28b4169df3e937989053ad8
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0fae5dafcba20deb2fdeb2fa6f5b162277cc768618faa3f673180d069aa6bad1
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8B112C311085A47FD7529F64C849EEA7FBCEF1B34471880A4F58447302D32AD942CBB1
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B996E49
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,00010002), ref: 6B996EB4
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B996ECD
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ??3@Env@8Exception@8NullPointerThrow
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2303478036-751156914
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9CE554
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,00010002), ref: 6B9CE5A9
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,00010002), ref: 6B9CE5CD
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ??3@Env@8Exception@8NullPointerThrow
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2303478036-751156914
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9CE42F
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,00010002), ref: 6B9CE484
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,?,00000001,00000000,?,00010002), ref: 6B9CE4A7
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ??3@Env@8Exception@8NullPointerThrow
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2303478036-751156914
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9929E9
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B992A04
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B992A40
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow$Env@8
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2682551001-751156914
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9CE4C1
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,00010002), ref: 6B9CE515
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,?,00000001,00000000,?,00010002), ref: 6B9CE538
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ??3@Env@8Exception@8NullPointerThrow
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2303478036-751156914
                                                                                                                                                                                                  • Opcode ID: 91dfcb4b7ccfd3e6e96bccaddb935ea879e4102abbfb0e8100a3e19aef61b67e
                                                                                                                                                                                                  • Instruction ID: 256d9be89b4c15606e508b1e4c64c90a12ecf3ce48c4994139bc5d10f827492a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 91dfcb4b7ccfd3e6e96bccaddb935ea879e4102abbfb0e8100a3e19aef61b67e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9F012631214A90ABCB228B71CC4AF9B3FBCDF8B705B014494F1825B251D72AE802CB73
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9B490C
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B9B4929
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B9B4965
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125584471.000000006B920000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125692771.000000006B9D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125730889.000000006BA14000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125756269.000000006BA16000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125781488.000000006BA17000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125806593.000000006BA18000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125831151.000000006BA19000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1A000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1D000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125903563.000000006BA40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow$Env@8
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2682551001-751156914
                                                                                                                                                                                                  • Opcode ID: 6dc8f86a1cfb48d93213321a7740241ecca0679707ee580127e443f1906eab73
                                                                                                                                                                                                  • Instruction ID: 33d64208bb9023692dd85c60c6dbdb5c228e3e0c0fb810171af2999689678b7f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6dc8f86a1cfb48d93213321a7740241ecca0679707ee580127e443f1906eab73
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E501F531109A14BFD7129F64CC88E9B7BBCEF1A7457014064F44097311CB39D8029F76
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9B4142
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B9B415F
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,?,00010002), ref: 6B9B419B
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow$Env@8
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2682551001-751156914
                                                                                                                                                                                                  • Opcode ID: 920b8c1415f340727cd62ba0349f4176c79e4c2d9d318ea671e034d18cb69ddb
                                                                                                                                                                                                  • Instruction ID: 6bbac6fe97bb5b95e0c04107c4abcc59a47e906ad76adad6e555fba1ff1a91d6
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 920b8c1415f340727cd62ba0349f4176c79e4c2d9d318ea671e034d18cb69ddb
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B311AD30108A10AFD7129F65CC4AE9B7BB9EF2A355B018068F94097320D739C8429F66
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9C82C7
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,00010002), ref: 6B9C831A
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,?,?,00010002), ref: 6B9C8331
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ??3@Env@8Exception@8NullPointerThrow
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2303478036-751156914
                                                                                                                                                                                                  • Opcode ID: 228b221ffb4ed12fae82c593f2ba40854c7617d286ecb112aa75ece2a9104ba2
                                                                                                                                                                                                  • Instruction ID: 3341a7279bc46771b47c62e1bf9e5fd9444335973ccf8b3e578aa9c62e8b8c82
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 228b221ffb4ed12fae82c593f2ba40854c7617d286ecb112aa75ece2a9104ba2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: FB01D431104910AFCB269F65CC8DDAF7BBCEF8A7553514465F9409B212C729E842CBB7
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9C01E2
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B9C01FD
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B9C0239
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow$Env@8
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2682551001-751156914
                                                                                                                                                                                                  • Opcode ID: f295807c3c5a1d3697f3a137e7057f82c90c5bfe46c29b9b6918bd2cd504ef55
                                                                                                                                                                                                  • Instruction ID: bbed71aac8e69ef8693da5ae1a3794f6887cd03076394d157054a05c7d19e1fa
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f295807c3c5a1d3697f3a137e7057f82c90c5bfe46c29b9b6918bd2cd504ef55
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8701B170104910AFD7135FA5CC89EAF7BBDEF8A3597058065F54487210CB38C8428B7B
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B996753
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B99676E
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B9967AA
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow$Env@8
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2682551001-751156914
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9B41D8
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B9B41F3
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B9B422F
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow$Env@8
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2682551001-751156914
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9AA073
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B9AA08E
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,00010002), ref: 6B9AA0CA
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow$Env@8
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2682551001-751156914
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9CE179
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData,?,?,00010002), ref: 6B9CE1C9
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?,?,00000000,?,00010002), ref: 6B9CE1E0
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ??3@Env@8Exception@8NullPointerThrow
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2303478036-751156914
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,Attempt to lock missing colormap), ref: 6B924BBE
                                                                                                                                                                                                  • _SurfaceData_IntersectBounds@8.AWT(?,?), ref: 6B924BE6
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,Could not initialize inverse tables), ref: 6B924C0D
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • Attempt to lock missing colormap, xrefs: 6B924BB6
                                                                                                                                                                                                  • Could not initialize inverse tables, xrefs: 6B924C07
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow$Bounds@8Data_IntersectSurface
                                                                                                                                                                                                  • String ID: Attempt to lock missing colormap$Could not initialize inverse tables
                                                                                                                                                                                                  • API String ID: 2795543317-2757055519
                                                                                                                                                                                                  • Opcode ID: ee7fcfa46b87fd5bb27d519ea6e4fede6be43356bf2eb0a6961a39901cff5311
                                                                                                                                                                                                  • Instruction ID: b36500a213fd7cd47f28e5df761f0a236a208b0724d802d3d0c045cd0e82797d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: ee7fcfa46b87fd5bb27d519ea6e4fede6be43356bf2eb0a6961a39901cff5311
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C001B1359156099BDB20AF35D984B8E3BA8AF5132EF014155FA1496286D379D4108FB1
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(80000001,Keyboard Layout\Preload,00000000,00020019,?,00000001), ref: 6B9B2C1D
                                                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,6B9F41C4,00000000,00000000,?,00000010), ref: 6B9B2C39
                                                                                                                                                                                                  • wcstoul.MSVCR100 ref: 6B9B2C4D
                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 6B9B2C5B
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • Keyboard Layout\Preload, xrefs: 6B9B2C0C
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CloseOpenQueryValuewcstoul
                                                                                                                                                                                                  • String ID: Keyboard Layout\Preload
                                                                                                                                                                                                  • API String ID: 4145366269-3340346415
                                                                                                                                                                                                  • Opcode ID: 116c6390d03dda60071bf03ce5586a05f663de60ec857b6e982c3614d09a6c43
                                                                                                                                                                                                  • Instruction ID: 3a97e09ca31823f45479b24d1ba42240b391beda3bdd76552a4438ba64a39398
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 116c6390d03dda60071bf03ce5586a05f663de60ec857b6e982c3614d09a6c43
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 57012171A04109BBDB10DBA2DD4AEEF7BBCEB95705F004525EA01E2140E674D956DB60
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • memset.MSVCR100 ref: 6B98CEB7
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,WGLGC_SetBasicPixelFormatForDC: error setting pixel format), ref: 6B98CEF8
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: _J2dTraceInit@0.AWT(?,6B924EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B97EA63
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EABA
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: vfprintf.MSVCR100 ref: 6B97EACB
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EAE5
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fflush.MSVCR100 ref: 6B97EAEF
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Tracefprintf$ImplInit@0fflushmemsetvfprintf
                                                                                                                                                                                                  • String ID: %$($WGLGC_SetBasicPixelFormatForDC: error setting pixel format
                                                                                                                                                                                                  • API String ID: 3389570045-699601861
                                                                                                                                                                                                  • Opcode ID: d098d7a7880e0040abe7ce561f0682ac598fda039c82c067aeb0a62580dc36a1
                                                                                                                                                                                                  • Instruction ID: d17b56f836e67d4b015521152b649a3065057f394479236f707f7c31acb96c22
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d098d7a7880e0040abe7ce561f0682ac598fda039c82c067aeb0a62580dc36a1
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1E018B705183006FD654DF71CC47B6A77D8AF5D709F84891CF44996280E7B9D2498BA3
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9C0373
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CreateCurrentEnv@8EventExceptionH_prolog3_catchObjectSingleThreadThrowWait
                                                                                                                                                                                                  • String ID: Ljava/awt/ScrollPaneAdjustable;$hAdjustable$scrollbarDisplayPolicy$vAdjustable
                                                                                                                                                                                                  • API String ID: 2376344244-3635679437
                                                                                                                                                                                                  • Opcode ID: cd7236b21a734eca5e8f3b79469b2fdab91706dda544e47736cfb9025ad115a9
                                                                                                                                                                                                  • Instruction ID: 61ea4fafc272390c59e6658a7241972c2c3ce402df5c054dce9145a34c1ea2e7
                                                                                                                                                                                                  • Opcode Fuzzy Hash: cd7236b21a734eca5e8f3b79469b2fdab91706dda544e47736cfb9025ad115a9
                                                                                                                                                                                                  • Instruction Fuzzy Hash: EAF03179504614ABDB41AF758809F8E3BB9AF5532AF44C054B5459B241CB39D501CB26
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9AA647
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CreateCurrentEnv@8EventExceptionH_prolog3_catchObjectSingleThreadThrowWait
                                                                                                                                                                                                  • String ID: ()V$activateEmbeddingTopLevel$handle$isEmbeddedInIE
                                                                                                                                                                                                  • API String ID: 2376344244-3867668276
                                                                                                                                                                                                  • Opcode ID: e0b41e48fe9001712f1b3979514d0a2b1c0e73e978fde4bb8581787be6693d5b
                                                                                                                                                                                                  • Instruction ID: 696444acc23a613964317b2afe12e327c230ba18a6b25a38a678e2ef40b65c41
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e0b41e48fe9001712f1b3979514d0a2b1c0e73e978fde4bb8581787be6693d5b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 69F03778544A11BBDB11AF75C809F897BB8AF5822AF00C0A5F9A89B241DB3CC101CF62
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9B2B83
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • JNU_CallStaticMethodByName.JAVA(?,00000000,java/util/Locale,forLanguageTag,(Ljava/lang/String;)Ljava/util/Locale;,00000000), ref: 6B9B2BBE
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CallCreateCurrentEnv@8EventExceptionH_prolog3_catchMethodNameObjectSingleStaticThreadThrowWait
                                                                                                                                                                                                  • String ID: (Ljava/lang/String;)Ljava/util/Locale;$forLanguageTag$java/util/Locale
                                                                                                                                                                                                  • API String ID: 3925435092-3289162403
                                                                                                                                                                                                  • Opcode ID: f40c68c59e9a2eef2ad751e8841256cf64bfdc751f924036e1f10ef1b9583167
                                                                                                                                                                                                  • Instruction ID: 31d7fd00e0012a5804616a9b3ef487d143c082db6800dbbf174546d2664a9105
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f40c68c59e9a2eef2ad751e8841256cf64bfdc751f924036e1f10ef1b9583167
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 79F0B434600600ABC7506B798D46F4E7AB89FB521AF10C455BC44A7300DB3CD5008B62
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • JDK_LoadSystemLibrary.JAVA(user32.dll), ref: 6B9CA8D4
                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,SetProcessDPIAware), ref: 6B9CA8E6
                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000), ref: 6B9CA8F3
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Library$AddressFreeLoadProcSystem
                                                                                                                                                                                                  • String ID: SetProcessDPIAware$user32.dll
                                                                                                                                                                                                  • API String ID: 3631531432-1137607222
                                                                                                                                                                                                  • Opcode ID: 4a7f669532d8f9a292a56808988ab47c6e00c4e22ab456f80982b43baa410d51
                                                                                                                                                                                                  • Instruction ID: 3d18ead254572b01c716731b6c2e0da3277f98f3c08d03907ebf0b7ab97c8d46
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4a7f669532d8f9a292a56808988ab47c6e00c4e22ab456f80982b43baa410d51
                                                                                                                                                                                                  • Instruction Fuzzy Hash: FBE06D31409B22ABEB416B71CC09B9B7668FF53239F108065E00155145CB7CC4C3C6AB
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9AA348
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CreateCurrentEnv@8EventExceptionH_prolog3_catchObjectSingleThreadThrowWait
                                                                                                                                                                                                  • String ID: ()I$(I)V$getExtendedState$setExtendedState
                                                                                                                                                                                                  • API String ID: 2376344244-1152548237
                                                                                                                                                                                                  • Opcode ID: f5d5c139e3c1682b5ecd7606ba39911a0b00060afedb33f92a20447964cbfe00
                                                                                                                                                                                                  • Instruction ID: 733d0547582b58753872b494aabf7d30bdbaf6be12234e81de304853900c9484
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f5d5c139e3c1682b5ecd7606ba39911a0b00060afedb33f92a20447964cbfe00
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 18F0A978500A01ABCF01AFB1C809F8E3BB8AF5921AF00C095BA949B241CB3CC601CF32
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9B6078
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125584471.000000006B920000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125692771.000000006B9D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125730889.000000006BA14000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125756269.000000006BA16000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125781488.000000006BA17000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125806593.000000006BA18000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125831151.000000006BA19000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1A000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1D000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125903563.000000006BA40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CreateCurrentEnv@8EventExceptionH_prolog3_catchObjectSingleThreadThrowWait
                                                                                                                                                                                                  • String ID: ()I$(I)Ljava/awt/MenuItem;$countItemsImpl$getItemImpl
                                                                                                                                                                                                  • API String ID: 2376344244-3269604386
                                                                                                                                                                                                  • Opcode ID: bc70ccc79a861ad366ca00dfd0aaf1a8f2f00d63ebb6068c0adb81135ec7b6da
                                                                                                                                                                                                  • Instruction ID: a6617a5f19719a74d97d0356f07ae1515d4e57e0a669cb5e4c331ba98c2d19cc
                                                                                                                                                                                                  • Opcode Fuzzy Hash: bc70ccc79a861ad366ca00dfd0aaf1a8f2f00d63ebb6068c0adb81135ec7b6da
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8CF08C38500600ABCF019F75C909B4E7BB4BF5A31AF10C454F9849B250CB38D605CF21
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9B66CC
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CreateCurrentEnv@8EventExceptionH_prolog3_catchObjectSingleThreadThrowWait
                                                                                                                                                                                                  • String ID: ()I$(I)Ljava/awt/Menu;$getMenuCountImpl$getMenuImpl
                                                                                                                                                                                                  • API String ID: 2376344244-3121645580
                                                                                                                                                                                                  • Opcode ID: e1439e4f53da9a3809f5a6125f4d4e6818b9d9c2e3f7979704d66af5c74a5d94
                                                                                                                                                                                                  • Instruction ID: e0df4a099489d8eb59513d2176f2e2df82cd37b22fbb8fca96412c14462dc985
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e1439e4f53da9a3809f5a6125f4d4e6818b9d9c2e3f7979704d66af5c74a5d94
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 36F0A038500611ABCF01AFB0C949F4A7BB8AF19229F10C055B9549B360CB3CD501CF22
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9BA6F4
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CreateCurrentEnv@8EventExceptionH_prolog3_catchObjectSingleThreadThrowWait
                                                                                                                                                                                                  • String ID: (J)V$Lsun/awt/windows/WComponentPeer;$parent$setHWnd
                                                                                                                                                                                                  • API String ID: 2376344244-1041294591
                                                                                                                                                                                                  • Opcode ID: d89fced234d14ca45c500e8b3b263609b37ed50c09f1a8301300ff10ce446a99
                                                                                                                                                                                                  • Instruction ID: 9a061a7d6fdf6728a06df9317f48f81b29bdf3e33468ba041b717440f39a8409
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d89fced234d14ca45c500e8b3b263609b37ed50c09f1a8301300ff10ce446a99
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C7F01C78514610EBDB11AF71C849B8937B4AF1532EF50C455F944AB251CB3DD501CB2A
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9CA887
                                                                                                                                                                                                  • JNU_CallStaticMethodByName.JAVA(00000000,00000000,sun/awt/Win32GraphicsEnvironment,dwmCompositionChanged,(Z)V,?,00010002), ref: 6B9CA8A2
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CallEnv@8MethodNameStatic
                                                                                                                                                                                                  • String ID: (Z)V$dwmCompositionChanged$sun/awt/Win32GraphicsEnvironment
                                                                                                                                                                                                  • API String ID: 1967811119-2490318706
                                                                                                                                                                                                  • Opcode ID: 400305ee99bf0ade3c74bd3d140b1e4269e7323ea588db3ac27080321fe7058c
                                                                                                                                                                                                  • Instruction ID: 16a260e5acb0b636981f2231315d924d0f0a6bc8a45817a70c538ad27f79ca7e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 400305ee99bf0ade3c74bd3d140b1e4269e7323ea588db3ac27080321fe7058c
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9CD0A7B05847007ACF11AB718C83F59353C57B620AFC0C418710136292D27DD542CBB4
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _SurfaceData_IntersectBoundsXYXY@20.AWT(?,00000000,00000000,?,?), ref: 6B932E02
                                                                                                                                                                                                  • ?IsTextureFilteringSupported@D3DContext@@QAEHW4_D3DTEXTUREFILTERTYPE@@@Z.AWT(00000001,?,00000000,00000000,?,?), ref: 6B932EDF
                                                                                                                                                                                                  • ?GetClipType@D3DContext@@QAE?AW4ClipType@@XZ.AWT ref: 6B932F83
                                                                                                                                                                                                  • ?IsStretchRectFilteringSupported@D3DContext@@QAEHW4_D3DTEXTUREFILTERTYPE@@@Z.AWT(00000001), ref: 6B932F97
                                                                                                                                                                                                  • ?D3DBlitToSurfaceViaTexture@@YAJPAVD3DContext@@PAUSurfaceDataRasInfo@@HPAU_D3DSDOps@@EJJJJJNNNN@Z.AWT(?,?,00000001,?,00000000,00000002,?,?,?,?), ref: 6B93303C
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Context@@$Surface$ClipE@@@FilteringSupported@$BlitBoundsDataData_Info@@IntersectOps@@RectStretchTextureTexture@@Type@Type@@Y@20
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1981780800-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _GrPrim_Sg2dGetPixel@8.AWT(?,?), ref: 6B94217A
                                                                                                                                                                                                  • _GetNativePrim@8.AWT(?,?,?,?), ref: 6B942185
                                                                                                                                                                                                    • Part of subcall function 6B94F1F0: _JNU_ThrowInternalError@8.JAVA(?,Non-native Primitive invoked natively,?,?,6B924157,?,?), ref: 6B94F219
                                                                                                                                                                                                  • _GrPrim_Sg2dGetCompInfo@16.AWT(?,?,00000000,?,?,?,?,?), ref: 6B9421AA
                                                                                                                                                                                                  • _SurfaceData_GetOps@8.AWT(?,?,?,?,?,?), ref: 6B9421B1
                                                                                                                                                                                                  • _GrPrim_Sg2dGetClip@12.AWT(?,?,?,?,?,?,?,?,?), ref: 6B9421C9
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Prim_Sg2d$Clip@12CompData_Error@8Info@16InternalNativeOps@8Pixel@8Prim@8SurfaceThrow
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 731971863-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _GrPrim_Sg2dGetPixel@8.AWT(?,?), ref: 6B944651
                                                                                                                                                                                                  • _GetNativePrim@8.AWT(?,?), ref: 6B944679
                                                                                                                                                                                                    • Part of subcall function 6B94F1F0: _JNU_ThrowInternalError@8.JAVA(?,Non-native Primitive invoked natively,?,?,6B924157,?,?), ref: 6B94F219
                                                                                                                                                                                                  • _GrPrim_Sg2dGetCompInfo@16.AWT(?,?,00000000,?,?,?), ref: 6B94469C
                                                                                                                                                                                                  • _SurfaceData_GetOps@8.AWT(?,?,?,?), ref: 6B9446A7
                                                                                                                                                                                                  • _GrPrim_Sg2dGetClip@12.AWT(?,?,?,?,?,?,?), ref: 6B944709
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Prim_Sg2d$Clip@12CompData_Error@8Info@16InternalNativeOps@8Pixel@8Prim@8SurfaceThrow
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 731971863-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _Region_StartIteration@8.AWT(?,?,?,?), ref: 6B97EF87
                                                                                                                                                                                                  • _Region_NextIteration@8.AWT(?,?,?,?,?,?), ref: 6B97EF92
                                                                                                                                                                                                  • _Transform_transform@12.AWT(?,?,?,?,?,?,?,?,?), ref: 6B97F025
                                                                                                                                                                                                  • _Region_NextIteration@8.AWT(?,?,?,?,?,?,?,?), ref: 6B97F1A5
                                                                                                                                                                                                  • _Region_EndIteration@8.AWT(?,?,?,?,?,?,?,?), ref: 6B97F1B8
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Iteration@8Region_$Next$StartTransform_transform@12
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3152154792-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?DrawTexture@D3DVertexCacher@@QAEJMMMMMMMM@Z.AWT ref: 6B9325A1
                                                                                                                                                                                                  • ?DrawTexture@D3DVertexCacher@@QAEJMMMMMMMM@Z.AWT ref: 6B9325EB
                                                                                                                                                                                                  • ?DrawTexture@D3DVertexCacher@@QAEJMMMMMMMM@Z.AWT ref: 6B932635
                                                                                                                                                                                                  • ?DrawTexture@D3DVertexCacher@@QAEJMMMMMMMM@Z.AWT ref: 6B93267F
                                                                                                                                                                                                  • ?DrawTexture@D3DVertexCacher@@QAEJMMMMMMMM@Z.AWT ref: 6B9326D1
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Cacher@@DrawTexture@Vertex
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 176133026-0
                                                                                                                                                                                                  • Opcode ID: 9e19764feceb8bc8c026398799145b8abc4ebc7284f54a6a3f11962a659df832
                                                                                                                                                                                                  • Instruction ID: 2137d5e9f2df6442e5a3de4ebf5030d542d93e165f861763d63ecff1ed3c7408
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9e19764feceb8bc8c026398799145b8abc4ebc7284f54a6a3f11962a659df832
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BB615C71A0A341DFD305AE55E28842ABFF0FBD4794FA24D8CE0D5221A9D7358974CE8B
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B9B4F7D
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B9B4F8C
                                                                                                                                                                                                  • _CxxThrowException.MSVCR100(00000000,00000000), ref: 6B9B4F94
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ??3@$ExceptionThrow
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2803161813-0
                                                                                                                                                                                                  • Opcode ID: e472f55df2dd5e56538ee1b5ffe43c03c3ccd6d97248bb7ad62748261fcffaec
                                                                                                                                                                                                  • Instruction ID: b65261edda436e702e0c9b3e0b4aff8cfb6579c7d7e6ecc51f1eca1d4a29545a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e472f55df2dd5e56538ee1b5ffe43c03c3ccd6d97248bb7ad62748261fcffaec
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2C513B71900618AFDF119FA5CC85EAEBBB9FF1D324F204619F255A62A0CB35E851DF20
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • TlsGetValue.KERNEL32(FFFFFFFF), ref: 6B94E83A
                                                                                                                                                                                                  • memset.MSVCR100 ref: 6B94E855
                                                                                                                                                                                                  • TlsSetValue.KERNEL32(FFFFFFFF,00000000), ref: 6B94E865
                                                                                                                                                                                                  • _Disposer_AddRecord@20.AWT(?,00000000,Function_0002D930,00000000), ref: 6B94E899
                                                                                                                                                                                                  • _GDIWindowSurfaceData_GetComp@8.AWT(?,?), ref: 6B94E8E5
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Value$Comp@8Data_Disposer_Record@20SurfaceWindowmemset
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2948221645-0
                                                                                                                                                                                                  • Opcode ID: 732843f1601cb3dadc934d675c2545618f46bf4dcc8ee10f6ea8339cb17f815f
                                                                                                                                                                                                  • Instruction ID: 45c8e64ff4ca24cab8798246913b67486095ed73f942a5f66309a1ca30d76112
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 732843f1601cb3dadc934d675c2545618f46bf4dcc8ee10f6ea8339cb17f815f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D4516CB5604B05AFDB54DF65CD81A27B7ACFB89704B408A2CFA5A87742C734F811CB60
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT ref: 6B936BCC
                                                                                                                                                                                                  • ?GetAdapterOrdinalForScreen@D3DPipelineManager@@QAEIJ@Z.AWT(?), ref: 6B936BF5
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(00000000,?,?), ref: 6B936C04
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Manager@@Pipeline$AdapterContext@Context@@@Instance@OrdinalScreen@
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2689482991-0
                                                                                                                                                                                                  • Opcode ID: d1a2b4da25f43b410cc7ad239e5a7fdcd9987d819811ee8aa7f03a220791fb75
                                                                                                                                                                                                  • Instruction ID: 632c50c40c3259ecfea2a76e45421581505192a5ee63321ce3289ab07c85a1a4
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d1a2b4da25f43b410cc7ad239e5a7fdcd9987d819811ee8aa7f03a220791fb75
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A4315CB1A083545BC704DF79C88296FB7E9AFD8308F40492DF98A87351DB78D904CBA2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • MapVirtualKeyExW.USER32(00000020,00000000,08070809), ref: 6B994509
                                                                                                                                                                                                    • Part of subcall function 6B9C3B40: memcpy.MSVCR100(?,6BA1E510,00000100), ref: 6B9C3B5D
                                                                                                                                                                                                  • MapVirtualKeyExW.USER32(00000000,00000000,?), ref: 6B994553
                                                                                                                                                                                                  • ToAsciiEx.USER32(6BA1A978,00000000,?,?,00000000,?), ref: 6B99456F
                                                                                                                                                                                                  • ToAsciiEx.USER32(00000020,?,?,?,00000000,?), ref: 6B99459E
                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,?,00000001,?,00000002), ref: 6B9945BD
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: AsciiVirtual$ByteCharMultiWidememcpy
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 4009316793-0
                                                                                                                                                                                                  • Opcode ID: 3f153fef3330ff85a3dc01a78271aebb869ad17ecfa7dd23717a216d4252e950
                                                                                                                                                                                                  • Instruction ID: 9e56771bff197637ad489b9d826533749d8674e8589e47d4863fe8eabb3571dd
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3f153fef3330ff85a3dc01a78271aebb869ad17ecfa7dd23717a216d4252e950
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 79316C7180834CAFEB21DFF4DC41AAEBBB8EF15304F50412EE4559B282E6749845CF11
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9BAC58
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • GlobalLock.KERNEL32(?), ref: 6B9BACA9
                                                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 6B9BACAE
                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 6B9BAD55
                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(?), ref: 6B9BAD5A
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Global$LockUnlock$CreateCurrentEnv@8EventExceptionH_prolog3_catchObjectSingleThreadThrowWait
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 96308209-0
                                                                                                                                                                                                  • Opcode ID: 2795c3a7dd33c2d870c254d8a487c02e699f20406dd1cb0001f63da09e1cd6b5
                                                                                                                                                                                                  • Instruction ID: 46118dc5aca53a454d50a546770204c207221909aa14c6896d35370e3a26631b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2795c3a7dd33c2d870c254d8a487c02e699f20406dd1cb0001f63da09e1cd6b5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 96318C38804749EACF20AFB1CC41AEE7BB5FF18708F008409F95497260DB79D981CB65
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _control87$Global$LockUnlock
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 635779606-0
                                                                                                                                                                                                  • Opcode ID: baf238671f3ae8727021bf36964a214f38ef17b8153acd1d5945737ffaa5acbb
                                                                                                                                                                                                  • Instruction ID: e22eda8b0a7384bf7597ce3a8e8c13649f3e282c45f46b75dd92cd5247d46811
                                                                                                                                                                                                  • Opcode Fuzzy Hash: baf238671f3ae8727021bf36964a214f38ef17b8153acd1d5945737ffaa5acbb
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E3214C71E08319BBDF006FA6DC4AB9EBFB8FB04351F604496E515A21C1EB719A608B94
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT ref: 6B936D05
                                                                                                                                                                                                  • ?GetAdapterOrdinalForScreen@D3DPipelineManager@@QAEIJ@Z.AWT(?), ref: 6B936D24
                                                                                                                                                                                                  • ?GetD3DContext@D3DPipelineManager@@QAEJIPAPAVD3DContext@@@Z.AWT(00000000,?,?), ref: 6B936D35
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Manager@@Pipeline$AdapterContext@Context@@@Instance@OrdinalScreen@
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2689482991-0
                                                                                                                                                                                                  • Opcode ID: 295b4311cac17e1edf356f20eb11c57c79fb42548055ee324c05f7f35f35e011
                                                                                                                                                                                                  • Instruction ID: cbe73a3e8eb7c893a3a38e74f901362622e00c2d5faee9f8c1b18ddaa4e1143e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 295b4311cac17e1edf356f20eb11c57c79fb42548055ee324c05f7f35f35e011
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A32196B19083645FC600DF699882AAFF7E8EB95318F40492DFD4993201DB79E905CBA6
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memset$wcscatwcscpy
                                                                                                                                                                                                  • String ID: SECURITY_WARNING_
                                                                                                                                                                                                  • API String ID: 4220308061-3675562604
                                                                                                                                                                                                  • Opcode ID: 3efa66f59589787c1eacd6d5c7749266608a9d0cc9376c619854b0a81295b060
                                                                                                                                                                                                  • Instruction ID: 82482c6d3d98728f261611e30d26b6f86b344fd68c4bb9a5978630565f5756ff
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3efa66f59589787c1eacd6d5c7749266608a9d0cc9376c619854b0a81295b060
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 95218B72618300AFDB40DF65C881B9BB7A8FB9A710FC4891DF69597280D774E9068B63
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000001,00000000,00000000), ref: 6B9D4E5B
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B9D4E6E
                                                                                                                                                                                                  • GetLastError.KERNEL32 ref: 6B9D4E76
                                                                                                                                                                                                  • SysAllocString.OLEAUT32(00000000), ref: 6B9D4E91
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B9D4EA2
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125584471.000000006B920000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125692771.000000006B9D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125730889.000000006BA14000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125756269.000000006BA16000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125781488.000000006BA17000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125806593.000000006BA18000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125831151.000000006BA19000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1A000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1D000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125903563.000000006BA40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: free$AllocByteCharErrorLastMultiStringWide
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2461177162-0
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,OGLRenderQueue_flushBuffer: cannot get direct buffer address), ref: 6B96D014
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: _J2dTraceInit@0.AWT(?,6B924EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B97EA63
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EABA
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: vfprintf.MSVCR100 ref: 6B97EACB
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EAE5
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fflush.MSVCR100 ref: 6B97EAEF
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • OGLRenderQueue_flushBuffer: cannot get direct buffer address, xrefs: 6B96D00B
                                                                                                                                                                                                  • OGLRenderQueue_flushBuffer: invalid opcode=%d, xrefs: 6B96DC26
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Tracefprintf$ImplInit@0fflushvfprintf
                                                                                                                                                                                                  • String ID: OGLRenderQueue_flushBuffer: cannot get direct buffer address$OGLRenderQueue_flushBuffer: invalid opcode=%d
                                                                                                                                                                                                  • API String ID: 3442746353-2602904628
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_ThrowArrayIndexOutOfBoundsException@8.JAVA(?,band array), ref: 6B97AB88
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ArrayBoundsException@8IndexThrow
                                                                                                                                                                                                  • String ID: alpha tile array$band array
                                                                                                                                                                                                  • API String ID: 540364022-1923403480
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • floor.MSVCR100 ref: 6B971132
                                                                                                                                                                                                  • floor.MSVCR100 ref: 6B971172
                                                                                                                                                                                                    • Part of subcall function 6B970D10: floor.MSVCR100 ref: 6B970DDC
                                                                                                                                                                                                    • Part of subcall function 6B970D10: floor.MSVCR100 ref: 6B970E1C
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • OGLTR_DrawGlyphList: glyph info is null, xrefs: 6B971299
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: floor
                                                                                                                                                                                                  • String ID: OGLTR_DrawGlyphList: glyph info is null
                                                                                                                                                                                                  • API String ID: 3192247854-4135090480
                                                                                                                                                                                                  • Opcode ID: 9c3d261428f9de7bf628ba4105e86b66ff7537ff4cd2517ae50014b358cae879
                                                                                                                                                                                                  • Instruction ID: 5e1d855d157ac5b67eddd6f860f166135d7686408059595c77df9eb917e318d6
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9c3d261428f9de7bf628ba4105e86b66ff7537ff4cd2517ae50014b358cae879
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1C91D471508321AFD720EF64C895A5B7BF8FF8A748F00896CF99893254D334D951CBA2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ??3@memset
                                                                                                                                                                                                  • String ID: (IIII)V$handleExpose
                                                                                                                                                                                                  • API String ID: 4044531854-1818056601
                                                                                                                                                                                                  • Opcode ID: a7ed39dd3edd174bf0b627c22683eb4c16cff4575d4a0ed3f6179f6b7600cbce
                                                                                                                                                                                                  • Instruction ID: 939d6d862f067a6e958cffb06281655c5e91882e3d52d0ff7a776adb297b01f0
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a7ed39dd3edd174bf0b627c22683eb4c16cff4575d4a0ed3f6179f6b7600cbce
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E6418C71900205EFDB61AFA9D9858AEBBB9FF49354B548169E828A7710C334ED50CFA0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _control87
                                                                                                                                                                                                  • String ID: WINSPOOL
                                                                                                                                                                                                  • API String ID: 2184363488-435376181
                                                                                                                                                                                                  • Opcode ID: f2a04aa4d2d8d375a08965befb1d7f9620557a43911c96c72cf5c33f7f20dbc2
                                                                                                                                                                                                  • Instruction ID: 04e5ede0e98a3249670d73d9535f423af336e8a2a23d68a31ccdf7ef9d98328e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f2a04aa4d2d8d375a08965befb1d7f9620557a43911c96c72cf5c33f7f20dbc2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A6414971800219BFEF019F94CD89EAE7BB8EF08355F2044AAF915A2160D735DE90DFA1
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,peer), ref: 6B9B8C1B
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,null pData), ref: 6B9B8C62
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8NullPointerThrow
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 473278687-751156914
                                                                                                                                                                                                  • Opcode ID: 79c621b41a43cb2357214baae3e2e8c90972a4081a6513dc1055612bdb8e1dcb
                                                                                                                                                                                                  • Instruction ID: 0761964f020aa6fc1bf4d91f25edc51528d29da8ac2e64c150a109b5a8954a9d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 79c621b41a43cb2357214baae3e2e8c90972a4081a6513dc1055612bdb8e1dcb
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 53415671905609EFDB019FA8C889DEEBBB8FF0D305B504069F946A6250CB39D942CFA5
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B99300C
                                                                                                                                                                                                    • Part of subcall function 6B9B81E0: _JNU_GetEnv@8.JAVA(00010002,00000010,6B9907BE,?,handlePaint,(IIII)V,?,00000010,?,00000010), ref: 6B9B81EC
                                                                                                                                                                                                    • Part of subcall function 6B9B81E0: _JNU_CallMethodByNameV@24.JAVA(00000000,00000000,?,?,?,?,00010002,00000010,6B9907BE,?,handlePaint,(IIII)V,?,00000010,?,00000010), ref: 6B9B8215
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Env@8$CallMethodNameV@24
                                                                                                                                                                                                  • String ID: (I)V$4$handleAction
                                                                                                                                                                                                  • API String ID: 3494409289-2125931825
                                                                                                                                                                                                  • Opcode ID: 99547b14aa9ad61a14f15299d765d2b7f4377f46f69325d92eff6c19993b28ac
                                                                                                                                                                                                  • Instruction ID: 258247c4b53b95bd565c7615a139f04ed5fc7a18925e6cd82e276704cceacaab
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 99547b14aa9ad61a14f15299d765d2b7f4377f46f69325d92eff6c19993b28ac
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E321047090C300AFEF60EF71D846B5A7BB8FB07369F408519F40A96290D778C442CB10
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: memset
                                                                                                                                                                                                  • String ID: POSTSCRIPT
                                                                                                                                                                                                  • API String ID: 2221118986-171833974
                                                                                                                                                                                                  • Opcode ID: 9c7a074fd2661f001602cc9c3b163fbd6dc6c61d1a06210760c66a66b90c3f49
                                                                                                                                                                                                  • Instruction ID: ee616f1cc2033ca245c519932bc19e6ffafc5328f557e9ee9637f85d7d461cdc
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9c7a074fd2661f001602cc9c3b163fbd6dc6c61d1a06210760c66a66b90c3f49
                                                                                                                                                                                                  • Instruction Fuzzy Hash: EA21A17194060DBEFB309BB9CC85FEB7ABCEB49748F00442AA525E7181E674D9098F30
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9CCBD8
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,iconRaster data), ref: 6B9CCC16
                                                                                                                                                                                                  • memset.MSVCR100 ref: 6B9CCC69
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8H_prolog3_catchNullPointerThrowmemset
                                                                                                                                                                                                  • String ID: iconRaster data
                                                                                                                                                                                                  • API String ID: 1709764402-3591564486
                                                                                                                                                                                                  • Opcode ID: 63be77d212bfabfe08fec19f0c11c40a468db7c3ab44107648ef78f781aff83e
                                                                                                                                                                                                  • Instruction ID: 729841971d5052501ade97e8f6f704b4aa25745262336d162f07e97ab234d0de
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 63be77d212bfabfe08fec19f0c11c40a468db7c3ab44107648ef78f781aff83e
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C0217AB1D00219EFCB109FB5CD85A9F7BB8AF09718F104569F914A7251C738CA00CBA2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9C2591
                                                                                                                                                                                                  • _JNU_ThrowInternalError@8.JAVA(00000000,Message not posted, native event queue may be full.,00010002), ref: 6B9C259E
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B9C25B0
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • Message not posted, native event queue may be full., xrefs: 6B9C2598
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ??3@Env@8Error@8InternalThrow
                                                                                                                                                                                                  • String ID: Message not posted, native event queue may be full.
                                                                                                                                                                                                  • API String ID: 3555321946-1728823460
                                                                                                                                                                                                  • Opcode ID: 2c992a70bf1c194c14233a6b4c264b77598341d031696ede82427484950c86d5
                                                                                                                                                                                                  • Instruction ID: 532533ed0a4fb54d1713d6cec7a8e86ba88549838963705acbba938aabd53101
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2c992a70bf1c194c14233a6b4c264b77598341d031696ede82427484950c86d5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1F21C371604210AFDB108B69C946EAFB77CFF06721F508659F550D7181D778DD41CB62
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • _JNU_ThrowByName@12.JAVA(?,java/lang/UnsupportedOperationException,Keyboard doesn't have requested key,C7CC4567), ref: 6B9C5045
                                                                                                                                                                                                  • memcpy.MSVCR100(?,6BA1E510,00000100), ref: 6B9C5089
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • Keyboard doesn't have requested key, xrefs: 6B9C503A
                                                                                                                                                                                                  • java/lang/UnsupportedOperationException, xrefs: 6B9C503F
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Throw$CreateCurrentEnv@8EventExceptionName@12ObjectSingleThreadWaitmemcpy
                                                                                                                                                                                                  • String ID: Keyboard doesn't have requested key$java/lang/UnsupportedOperationException
                                                                                                                                                                                                  • API String ID: 3751197491-391182723
                                                                                                                                                                                                  • Opcode ID: a31da7ea75d88221e311e29e38eca0e9c0251a0f8c98691ba9a2efea7a48dd22
                                                                                                                                                                                                  • Instruction ID: ef7e3b77a05fba1f7cbbccf60bd47eaa5bb789d85c7ef3d18d6ef2317ad081a9
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a31da7ea75d88221e311e29e38eca0e9c0251a0f8c98691ba9a2efea7a48dd22
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5421A771A04208AFCF54DF64C842BEAB7B8FB85314F504669E52597280DB389E40CBB2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9909EA
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,null pData), ref: 6B990A13
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Throw$CreateCurrentEnv@8EventExceptionException@8H_prolog3_catchNullObjectPointerSingleThreadWait
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 608574450-751156914
                                                                                                                                                                                                  • Opcode ID: 0661f5fe7add52f3880932f26c2c1bd76c8381fd92935c9e306c89e5824b1ee0
                                                                                                                                                                                                  • Instruction ID: 9ae09204e17781c2517b0fc933898abf99a44a3b6e9a919a698e61c0a39dbacd
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0661f5fe7add52f3880932f26c2c1bd76c8381fd92935c9e306c89e5824b1ee0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A511CE30501604AFD791EFB4C84DE9E7BB8BF19309B158464F9909B240CB3CCA41CBB2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9CC3EB
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B9CC414
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B9CC463
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ??3@Env@8Exception@8NullPointerThrow
                                                                                                                                                                                                  • String ID: peer
                                                                                                                                                                                                  • API String ID: 2303478036-2733046201
                                                                                                                                                                                                  • Opcode ID: 9fb3e352486a9f78a3ce1c886686e71fc72c6f1b57720e36778a123ba3048175
                                                                                                                                                                                                  • Instruction ID: fffeaee98d813d2ac62bae295e84ca7db858db22ec2a4bf279e027e7c6b82129
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9fb3e352486a9f78a3ce1c886686e71fc72c6f1b57720e36778a123ba3048175
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6A119E31108654BFDB028FA5CC49FAA7FB89F4A214B148095F9949B241D739E942CBA2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,?,00000002,00000000,00000000,?,00000000,?,?,00000000,?,?,?,FILE:,6B9BAF1E), ref: 6B9BAE46
                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6B9BAE83
                                                                                                                                                                                                  • _wcsdup.MSVCR100 ref: 6B9BAE90
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Global$AllocFree_wcsdup
                                                                                                                                                                                                  • String ID: FILE:
                                                                                                                                                                                                  • API String ID: 1255444286-3306117909
                                                                                                                                                                                                  • Opcode ID: 5cf8682a332262f8282ae637c549e8d0bae78a76e8bab7107360e215c65287e0
                                                                                                                                                                                                  • Instruction ID: ff3b54aceab30e62019dfab9fe87c1882aa9dfcb5fb3d6f57a2acc3c865904d2
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5cf8682a332262f8282ae637c549e8d0bae78a76e8bab7107360e215c65287e0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0A018076A08908BFDF116BB5DC86DDF7F7DEB05658F008470FA01A1011DB35CE409660
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9CAD99
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData), ref: 6B9CADFE
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Env@8Exception@8NullPointerThrow
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 3854714648-751156914
                                                                                                                                                                                                  • Opcode ID: e19d9a583d5304c888930324aeace0f9be751c5f2e080d63c2c1e68977ce97f7
                                                                                                                                                                                                  • Instruction ID: aaf97b9c98c8526ad96ddb2f1ef55b622b66ab91a3fdb5d310ca04f11472ab2b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: e19d9a583d5304c888930324aeace0f9be751c5f2e080d63c2c1e68977ce97f7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 35115E30244910AFC7129F65DC0CFCB7BB9EF8A712B114069F5458B165D739C882CBA7
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B98EDD5
                                                                                                                                                                                                    • Part of subcall function 6B9B928B: __EH_prolog3_catch.LIBCMT ref: 6B9B9292
                                                                                                                                                                                                    • Part of subcall function 6B9B928B: _JNU_GetEnv@8.JAVA(00010002,0000001C,6B98EE06,00000000,00000000,?,00000000,00000000,00000014), ref: 6B9B92A2
                                                                                                                                                                                                    • Part of subcall function 6B9B928B: free.MSVCR100 ref: 6B9B9335
                                                                                                                                                                                                    • Part of subcall function 6B9B928B: _wcsicmp.MSVCR100 ref: 6B9B9365
                                                                                                                                                                                                    • Part of subcall function 6B9B928B: wcstok.MSVCR100 ref: 6B9B93F2
                                                                                                                                                                                                  • wcslen.MSVCR100 ref: 6B98EE3C
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B98EE58
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: H_prolog3_catch$??3@Env@8_wcsicmpfreewcslenwcstok
                                                                                                                                                                                                  • String ID: LPT1
                                                                                                                                                                                                  • API String ID: 3086192869-322145859
                                                                                                                                                                                                  • Opcode ID: 9024bf7c2bf29bc7eaa79b50451d6b0ef0925af4c46e274b268c95432a1849f8
                                                                                                                                                                                                  • Instruction ID: 1f4521b7358f59583cee01c10f745a26637a71464ae804ef864b41d8a529397e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9024bf7c2bf29bc7eaa79b50451d6b0ef0925af4c46e274b268c95432a1849f8
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 48112BB1C10609EBCF05DFA5C8458EFFB78FFA4314B20851EE511A2250D7798A41DBA1
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9CAD0D
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,null pData), ref: 6B9CAD72
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Env@8Exception@8NullPointerThrow
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 3854714648-751156914
                                                                                                                                                                                                  • Opcode ID: cebfc5eb89d77df5c4254b731c4c348ed6a3823474dc74f66ac239f94eb52557
                                                                                                                                                                                                  • Instruction ID: 2bba8145b176bf39c45ad727ec7da618357da886c507b1a88c59c41770f707c0
                                                                                                                                                                                                  • Opcode Fuzzy Hash: cebfc5eb89d77df5c4254b731c4c348ed6a3823474dc74f66ac239f94eb52557
                                                                                                                                                                                                  • Instruction Fuzzy Hash: DD016D31208910AFCB529F65C808ECF7BBAEF8A71271140A5F5458B225C738C882CBB7
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B996374
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(00000000,peer), ref: 6B996399
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B9963E4
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ??3@Env@8Exception@8NullPointerThrow
                                                                                                                                                                                                  • String ID: peer
                                                                                                                                                                                                  • API String ID: 2303478036-2733046201
                                                                                                                                                                                                  • Opcode ID: 8ec4a0cd7ff45be06493aac29f578cf42605711b26599d8adb386d7b3256d0ce
                                                                                                                                                                                                  • Instruction ID: fb725a814f47e037e39bc2431917354fdf43aa2ce482c90ed7177aa033cf7dfc
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8ec4a0cd7ff45be06493aac29f578cf42605711b26599d8adb386d7b3256d0ce
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E8012231108610BFCB12AF66CC0AE9E3FBCEF0A354B148069F945CB241DB35D942CBA0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • JNU_SetFieldByName.JAVA(6B93C943,00000000,00000000,nativeWidth,6B9D946C,C7142474), ref: 6B93C683
                                                                                                                                                                                                  • JNU_SetFieldByName.JAVA(6B93C943,00000000,00000000,nativeHeight,6B9D946C,00042444), ref: 6B93C6A5
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: FieldName
                                                                                                                                                                                                  • String ID: nativeHeight$nativeWidth
                                                                                                                                                                                                  • API String ID: 2440734329-1052693153
                                                                                                                                                                                                  • Opcode ID: 4e2e6bcfbd797530a8ec86dfebf60c20235fa652458ddb16a2557f59f4827929
                                                                                                                                                                                                  • Instruction ID: 0c4ec42b542cff4836816cf9bc877eb85a7810b09f4dfadea99fe809062edb1c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4e2e6bcfbd797530a8ec86dfebf60c20235fa652458ddb16a2557f59f4827929
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 30012975201A21ABC611EE19CCC0E5B7BBCEF9D315B109088FA409B207D738E841CAB1
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B990AAB
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,null pData), ref: 6B990AD4
                                                                                                                                                                                                    • Part of subcall function 6B9C3EC0: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,?,?), ref: 6B9C3ED2
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Env@8Throw$CreateCurrentEventExceptionException@8H_prolog3_catchNullObjectPointerSingleThreadWait
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2776560734-751156914
                                                                                                                                                                                                  • Opcode ID: 6e4542f867f8be7ed7ee5d69d9fdd3f58737a42e9f7b3ebb84dbabcef29aad41
                                                                                                                                                                                                  • Instruction ID: 501cc71aa2ac449da4266071024e5198fd84836e426c1d68ca239ca03db62bba
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6e4542f867f8be7ed7ee5d69d9fdd3f58737a42e9f7b3ebb84dbabcef29aad41
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0111E135401604EFDB52AFA5D80DF9E3BB9EF55309F198094F9642B210C738C641CFA2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9B4AE8
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,null pData), ref: 6B9B4B11
                                                                                                                                                                                                    • Part of subcall function 6B9C3EC0: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,?,?), ref: 6B9C3ED2
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Env@8Throw$CreateCurrentEventExceptionException@8H_prolog3_catchNullObjectPointerSingleThreadWait
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2776560734-751156914
                                                                                                                                                                                                  • Opcode ID: f9fd344d3f9fe1cad3b6e4edb69a21dba02b50d31dce51668d4817bfa334006f
                                                                                                                                                                                                  • Instruction ID: b939d27e362ac1b50c4bf921ab1035cad4396a5515e30f0116d0ba61bf67dd73
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f9fd344d3f9fe1cad3b6e4edb69a21dba02b50d31dce51668d4817bfa334006f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 65118B34514614ABDB229F74C809F9F3BB9AF55309F148098FA545B351C739C601DF76
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B992D7A
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,null pData), ref: 6B992DA3
                                                                                                                                                                                                    • Part of subcall function 6B9C3EC0: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,?,?), ref: 6B9C3ED2
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Env@8Throw$CreateCurrentEventExceptionException@8H_prolog3_catchNullObjectPointerSingleThreadWait
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2776560734-751156914
                                                                                                                                                                                                  • Opcode ID: 5db051944a8aa7918c3dd26085fd594ac8f6985ce739669beb6c284dde8636be
                                                                                                                                                                                                  • Instruction ID: d984a0d4aee23e6d46520c3cf91feb0c743dfb8fcef4f4167f4e7584c199ed76
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5db051944a8aa7918c3dd26085fd594ac8f6985ce739669beb6c284dde8636be
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 02118B34404610AFDBA2AF65D809F9E3BB9BF9670AF588094F9446A250C739C605CFB2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9B439A
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,null pData), ref: 6B9B43C3
                                                                                                                                                                                                    • Part of subcall function 6B9C3EC0: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,?,?), ref: 6B9C3ED2
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Env@8Throw$CreateCurrentEventExceptionException@8H_prolog3_catchNullObjectPointerSingleThreadWait
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2776560734-751156914
                                                                                                                                                                                                  • Opcode ID: b54431899daca675f09fc4663c061510bef5cf6cb56bdbc9d6b8b1879b024bea
                                                                                                                                                                                                  • Instruction ID: 5fb772eee56b080e952f288b27912304187b76720931287fe5dfce8bc107a60b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: b54431899daca675f09fc4663c061510bef5cf6cb56bdbc9d6b8b1879b024bea
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3711C735444604BBDB229F64C908FAF3BB9AF9630AF298094F9046A350C738C602DF62
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9B621C
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,null pData), ref: 6B9B6244
                                                                                                                                                                                                    • Part of subcall function 6B9C3EC0: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,?,?), ref: 6B9C3ED2
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Env@8Throw$CreateCurrentEventExceptionException@8H_prolog3_catchNullObjectPointerSingleThreadWait
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2776560734-751156914
                                                                                                                                                                                                  • Opcode ID: d7e3c9ea1a04418a0d8fd7639add4851e7a60f69577f6b92a00ccbebd2c3084f
                                                                                                                                                                                                  • Instruction ID: 9fa3c3c3f99a81b129db7b955b6755b57ed4551af55d033e5d82d9d8362ee912
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d7e3c9ea1a04418a0d8fd7639add4851e7a60f69577f6b92a00ccbebd2c3084f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6611AD35800A04EFEB129FA5CC49EAFBBB5FF55309B248499FA5496210C739D612CF62
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9C04C3
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,null pData), ref: 6B9C04EC
                                                                                                                                                                                                    • Part of subcall function 6B9C3EC0: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,?,?), ref: 6B9C3ED2
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Env@8Throw$CreateCurrentEventExceptionException@8H_prolog3_catchNullObjectPointerSingleThreadWait
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2776560734-751156914
                                                                                                                                                                                                  • Opcode ID: 16319b6133c80cee6c18d3fbd583a5a10a6c09982718220aa724c8be023cf30a
                                                                                                                                                                                                  • Instruction ID: 98334b600efafbffccef53bdd38085344fa30ca01debc176e97dd560cfaa819d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 16319b6133c80cee6c18d3fbd583a5a10a6c09982718220aa724c8be023cf30a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 37118B74404610EBDB229F64C809F9F3BB5AF55709F14C094F9545B250D739C641CF63
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9B2A1B
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,null pData), ref: 6B9B2A44
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Throw$CreateCurrentEnv@8EventExceptionException@8H_prolog3_catchNullObjectPointerSingleThreadWait
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 608574450-751156914
                                                                                                                                                                                                  • Opcode ID: 8a732442f9f11bf1a8bf3f0fa6af6f994016ae9761138b974b6216d8f6629ef2
                                                                                                                                                                                                  • Instruction ID: 139499136e3d3fe63e03c1d266da5f3100f73c22a7c7206b1117a08fca7b41f7
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8a732442f9f11bf1a8bf3f0fa6af6f994016ae9761138b974b6216d8f6629ef2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: AD01D234504514ABEB219FA58809EAF3FB9EF96709F118058F5415B290CB3CC541CBB3
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _SurfaceData_ThrowInvalidPipeException@8.AWT(?,bounds changed), ref: 6B94E9FE
                                                                                                                                                                                                  • TlsGetValue.KERNEL32(FFFFFFFF), ref: 6B94EA0F
                                                                                                                                                                                                  • _GDIWinSD_InitDC@32.AWT(?,?,00000000,?,?,?,?,?), ref: 6B94EA37
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: C@32Data_Exception@8InitInvalidPipeSurfaceThrowValue
                                                                                                                                                                                                  • String ID: bounds changed
                                                                                                                                                                                                  • API String ID: 682632226-4245400890
                                                                                                                                                                                                  • Opcode ID: 044d42b0e360465de634715e9040481881c387fff23bbc4ee4704278376e581b
                                                                                                                                                                                                  • Instruction ID: cdcf9dbd790ccffc54036d0604b4c83c8ac27dd89932cc9d7d1eb20d5d1b64bd
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 044d42b0e360465de634715e9040481881c387fff23bbc4ee4704278376e581b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5D014B76219610AF9754DFA8E844C9BB7F9EFCE214B06899DF58897200C335EC46CBA1
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B996DB9
                                                                                                                                                                                                  • JNU_NewObjectByName.JAVA(00000000,sun/awt/UngrabEvent,(Ljava/awt/Component;)V,00000000,00000000,00010002), ref: 6B996DD6
                                                                                                                                                                                                    • Part of subcall function 6B9CF4F1: _JNU_IsInstanceOfByName@12.JAVA(?,00000000,java/lang/OutOfMemoryError,?,00000000,?,6B9AB43B,00000000,6BDC5A58,00010002,00000000,6B9B8959,00000004,6B9B8A0F,?,?), ref: 6B9CF512
                                                                                                                                                                                                    • Part of subcall function 6B9CF4F1: _CxxThrowException.MSVCR100(?,6B9F9388), ref: 6B9CF537
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Env@8ExceptionInstanceNameName@12ObjectThrow
                                                                                                                                                                                                  • String ID: (Ljava/awt/Component;)V$sun/awt/UngrabEvent
                                                                                                                                                                                                  • API String ID: 4045150742-3140849881
                                                                                                                                                                                                  • Opcode ID: 4a060bbc02fb4983f6d27b5777d1b84e4833197faa7a461b2b010738542ee24f
                                                                                                                                                                                                  • Instruction ID: 1c2f7afa9c5101ef94f100985cfd08c32c7b71d153e7b07676e83a70d7546af4
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4a060bbc02fb4983f6d27b5777d1b84e4833197faa7a461b2b010738542ee24f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1AF0C8312015107FD7516BB99C45EAF7BACDF8A2593014069F841C7202EB2DDC418AB1
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B994D18
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Env@8
                                                                                                                                                                                                  • String ID: ()V$inquireCandidatePosition$sun/awt/windows/WInputMethod
                                                                                                                                                                                                  • API String ID: 97469293-1914844607
                                                                                                                                                                                                  • Opcode ID: 5d510adae29e4492dc2270c0dd0c2578eeee629b95d0a422b9b2594019a87393
                                                                                                                                                                                                  • Instruction ID: 7cea41d9978bac12af4c27b49c7e702a174db6feb62149a105735eafbf720086
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5d510adae29e4492dc2270c0dd0c2578eeee629b95d0a422b9b2594019a87393
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7B018F35108600ABDBA29F65D845E5ABBFCAF8A649714C066FC82C7210E73CD842CF71
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9B6182
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,null pData), ref: 6B9B61AC
                                                                                                                                                                                                    • Part of subcall function 6B9B8288: _JNU_GetEnv@8.JAVA(00010002,?), ref: 6B9B82A7
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Env@8Throw$CreateCurrentEventExceptionException@8H_prolog3_catchNullObjectPointerSingleThreadWait
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2776560734-751156914
                                                                                                                                                                                                  • Opcode ID: 09266ddd51d7e7de45e17c07174f763d5bdb25fe2706298b2cfedee1549adb11
                                                                                                                                                                                                  • Instruction ID: fd41b83a0086bb60f642bccc1c16b614981196f2a45f65f262ee7d986922662e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 09266ddd51d7e7de45e17c07174f763d5bdb25fe2706298b2cfedee1549adb11
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9D01A275500604AFDB119F64CC89EAFBB79AF9630DB19C458FA4457201C73CDA02CB72
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9B60EA
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,null pData), ref: 6B9B6114
                                                                                                                                                                                                    • Part of subcall function 6B9B8288: _JNU_GetEnv@8.JAVA(00010002,?), ref: 6B9B82A7
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Env@8Throw$CreateCurrentEventExceptionException@8H_prolog3_catchNullObjectPointerSingleThreadWait
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2776560734-751156914
                                                                                                                                                                                                  • Opcode ID: abe5d7b226e37364cb01fea856b2a346d6bc97cdf8f5a24d7f6202f064eab06b
                                                                                                                                                                                                  • Instruction ID: 31d7e090a836c0fd0d9e98ca044316ea6e36c826eed3fa86e4357bfc3352f823
                                                                                                                                                                                                  • Opcode Fuzzy Hash: abe5d7b226e37364cb01fea856b2a346d6bc97cdf8f5a24d7f6202f064eab06b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: AF01A274500604AFD7119FA58C8AEAFBB78AF5630DB148459F64057241C73CEA02CB73
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9B67A7
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,null pData), ref: 6B9B67D1
                                                                                                                                                                                                    • Part of subcall function 6B9B8288: _JNU_GetEnv@8.JAVA(00010002,?), ref: 6B9B82A7
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Env@8Throw$CreateCurrentEventExceptionException@8H_prolog3_catchNullObjectPointerSingleThreadWait
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 2776560734-751156914
                                                                                                                                                                                                  • Opcode ID: 64bc5f402c76e108bec6101d20ecea35af481f2b8b933c507aaf4807afe75819
                                                                                                                                                                                                  • Instruction ID: 1ba941dabf84ddf4d318df399581ecc7d40facf5a204906f22d1ea228688e63a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 64bc5f402c76e108bec6101d20ecea35af481f2b8b933c507aaf4807afe75819
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B2018F75500614AFDB119F648DC9EAF7B79AF5630CF1488A8F60057250C73DEA02CB72
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,WGLGC_DestroyOGLContext: context is null,6B98D51F), ref: 6B98CB3D
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: _J2dTraceInit@0.AWT(?,6B924EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B97EA63
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EABA
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: vfprintf.MSVCR100 ref: 6B97EACB
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EAE5
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fflush.MSVCR100 ref: 6B97EAEF
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B98CB95
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B98CB9B
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • WGLGC_DestroyOGLContext: context is null, xrefs: 6B98CB34
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Tracefprintffree$ImplInit@0fflushvfprintf
                                                                                                                                                                                                  • String ID: WGLGC_DestroyOGLContext: context is null
                                                                                                                                                                                                  • API String ID: 3805858621-1708994239
                                                                                                                                                                                                  • Opcode ID: 8ac1695d3cda7c4db2468d71a228074ed688b27239f55c6054920cfe3a8255eb
                                                                                                                                                                                                  • Instruction ID: 7ea75e6a10059015966c6494a69aed9f862ce819f623ba6357fb1a8da7fdfce9
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8ac1695d3cda7c4db2468d71a228074ed688b27239f55c6054920cfe3a8255eb
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E5F0C874A14B007BEA209B709C86F67337CEF41A66F048558FD5BA3240E72DE545CA72
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9CA155
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,null pData), ref: 6B9CA17D
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Throw$CreateCurrentEnv@8EventExceptionException@8H_prolog3_catchNullObjectPointerSingleThreadWait
                                                                                                                                                                                                  • String ID: null pData$peer
                                                                                                                                                                                                  • API String ID: 608574450-751156914
                                                                                                                                                                                                  • Opcode ID: fd7a65c95f1cffa0d320a269b1e2e69a644a14027b1dd411ce4cc81d31a4b3e7
                                                                                                                                                                                                  • Instruction ID: 69fd22040ec943f1a800321ec86c4b3532b18ec11510e754ed5ab1e9c134593e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: fd7a65c95f1cffa0d320a269b1e2e69a644a14027b1dd411ce4cc81d31a4b3e7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0801BC30404608FBCB129F65CD08E9F3BB9AF8A319B218144F150662A1C739CA02CB73
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                    • Part of subcall function 6B97B3AE: malloc.MSVCR100 ref: 6B97B3B6
                                                                                                                                                                                                    • Part of subcall function 6B97B3AE: _SurfaceData_SetOps@12.AWT(?,?,00000000,?,6B924C2A,?,?,0000004C), ref: 6B97B3C7
                                                                                                                                                                                                    • Part of subcall function 6B97B3AE: memset.MSVCR100 ref: 6B97B3D6
                                                                                                                                                                                                  • _JNU_ThrowOutOfMemoryError@8.JAVA(?,creating native d3d ops), ref: 6B93C812
                                                                                                                                                                                                  • ?GetInstance@D3DPipelineManager@@SAPAV1@XZ.AWT ref: 6B93C85A
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • creating native d3d ops, xrefs: 6B93C80C
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Data_Error@8Instance@Manager@@MemoryOps@12PipelineSurfaceThrowmallocmemset
                                                                                                                                                                                                  • String ID: creating native d3d ops
                                                                                                                                                                                                  • API String ID: 3719337744-2326505683
                                                                                                                                                                                                  • Opcode ID: c08c6f1fdad169ca8debfcfb1c3bf051afd30de846aafbf54ae35332f968669f
                                                                                                                                                                                                  • Instruction ID: 656b9ac072508df0d90fa0d9def76a2225bd210af98a7de1b0f4b46983c3f8b4
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c08c6f1fdad169ca8debfcfb1c3bf051afd30de846aafbf54ae35332f968669f
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7F015EB1505B209BC320DF65E485B47BBF8AF94795F00C91DE98697611D738E404CFA0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?BeginScene@D3DContext@@QAEJC@Z.AWT(00000001), ref: 6B93AFDF
                                                                                                                                                                                                  • ?DrawPoly@D3DVertexCacher@@QAEJJEJJPAJ0@Z.AWT(?,?,?,?,?,?,00000001), ref: 6B93AFFD
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRenderer_DrawPoly: d3dc, xPoints or yPoints is NULL), ref: 6B93B00F
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • D3DRenderer_DrawPoly: d3dc, xPoints or yPoints is NULL, xrefs: 6B93B006
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125584471.000000006B920000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125692771.000000006B9D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125730889.000000006BA14000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125756269.000000006BA16000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125781488.000000006BA17000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125806593.000000006BA18000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125831151.000000006BA19000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1A000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1D000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125903563.000000006BA40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: BeginCacher@@Context@@DrawImplPoly@Scene@TraceVertex
                                                                                                                                                                                                  • String ID: D3DRenderer_DrawPoly: d3dc, xPoints or yPoints is NULL
                                                                                                                                                                                                  • API String ID: 556309797-2745615370
                                                                                                                                                                                                  • Opcode ID: 5f6ae0d99962b4552ecd41d8e5a0b79043a4c7cb19573862aca2bd96162506c2
                                                                                                                                                                                                  • Instruction ID: 31082d3785cb7abd30438aa0ad11fea5fae20fba6b8676256d245f466a83970a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5f6ae0d99962b4552ecd41d8e5a0b79043a4c7cb19573862aca2bd96162506c2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: D3F090B33047206BD210CA8898C1F5F73EDABC8B58F01051DF658AB240C77AEC4187B1
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9B6E2F
                                                                                                                                                                                                    • Part of subcall function 6B9B81E0: _JNU_GetEnv@8.JAVA(00010002,00000010,6B9907BE,?,handlePaint,(IIII)V,?,00000010,?,00000010), ref: 6B9B81EC
                                                                                                                                                                                                    • Part of subcall function 6B9B81E0: _JNU_CallMethodByNameV@24.JAVA(00000000,00000000,?,?,?,?,00010002,00000010,6B9907BE,?,handlePaint,(IIII)V,?,00000010,?,00000010), ref: 6B9B8215
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Env@8$CallMethodNameV@24
                                                                                                                                                                                                  • String ID: (JI)V$(Z)V$handleAction
                                                                                                                                                                                                  • API String ID: 3494409289-1820172317
                                                                                                                                                                                                  • Opcode ID: 3a613ac69ab85cf00e1041914f8585b1abaa3ea0cd81fcd3df4938a4a227c6c5
                                                                                                                                                                                                  • Instruction ID: 705890f29e8ea24484c7458a19def2e85b996236a8d1ee99de4f853f7f1cdb00
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3a613ac69ab85cf00e1041914f8585b1abaa3ea0cd81fcd3df4938a4a227c6c5
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 45F0E27A0516007BE6627334BC43FA7365CEF6420CF408405F811A2342D72DD8838AB0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,private data), ref: 6B976236
                                                                                                                                                                                                  • _JNU_ThrowInternalError@8.JAVA(?,bad path delivery sequence), ref: 6B97624E
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Throw$Error@8Exception@8InternalNullPointer
                                                                                                                                                                                                  • String ID: bad path delivery sequence$private data
                                                                                                                                                                                                  • API String ID: 1693744675-3477165930
                                                                                                                                                                                                  • Opcode ID: 05aed426279e6f4ae30f2a73aef810b3846ee2498e8d710b1bae8d528823cb59
                                                                                                                                                                                                  • Instruction ID: 1757f99cefb5273fb636ec28855721030220188231f7cd4b5333e95d9bf2ddb6
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 05aed426279e6f4ae30f2a73aef810b3846ee2498e8d710b1bae8d528823cb59
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 91F046B51082119FC354EF28D550D9A7BE4AFE9314B12859EE4849B326C338D986CBA1
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,00000000,6B939D5A,?,00000000,00000000,6B938ECD,00000000,00000000,00000000,00000000,00000000,?,6B936C78,00000000), ref: 6B93C72C
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(00000000,00000000,00000000,setSurfaceLost,(Z)V,00000001), ref: 6B93C75E
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CallEnv@8MethodName
                                                                                                                                                                                                  • String ID: (Z)V$setSurfaceLost
                                                                                                                                                                                                  • API String ID: 3842419413-231850893
                                                                                                                                                                                                  • Opcode ID: 6e93d890f4a208b83a9a01579c96422ba2d9ed2278929e2f5cdc2e64ca292fe6
                                                                                                                                                                                                  • Instruction ID: f88c6845edb406b6b5d59d1b31d41bfcc8614bd94171c46a6d90316d976df9c4
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6e93d890f4a208b83a9a01579c96422ba2d9ed2278929e2f5cdc2e64ca292fe6
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 16F0A031244A207BC621EA29CC85F5B37BDDFEA751B118048F900AB261EB29DC42CAF1
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,private data), ref: 6B976386
                                                                                                                                                                                                  • _JNU_ThrowInternalError@8.JAVA(?,bad path delivery sequence), ref: 6B9763A3
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Throw$Error@8Exception@8InternalNullPointer
                                                                                                                                                                                                  • String ID: bad path delivery sequence$private data
                                                                                                                                                                                                  • API String ID: 1693744675-3477165930
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,private data), ref: 6B9762A6
                                                                                                                                                                                                  • _JNU_ThrowInternalError@8.JAVA(?,bad path delivery sequence), ref: 6B9762BF
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Throw$Error@8Exception@8InternalNullPointer
                                                                                                                                                                                                  • String ID: bad path delivery sequence$private data
                                                                                                                                                                                                  • API String ID: 1693744675-3477165930
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002,?,00000000,6B99580E,00000000), ref: 6B9B8249
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(00000000,00000000,?,postEvent,(Ljava/awt/AWTEvent;)V,00000000,00010002,?,00000000,6B99580E,00000000), ref: 6B9B8264
                                                                                                                                                                                                    • Part of subcall function 6B9CF4F1: _JNU_IsInstanceOfByName@12.JAVA(?,00000000,java/lang/OutOfMemoryError,?,00000000,?,6B9AB43B,00000000,6BDC5A58,00010002,00000000,6B9B8959,00000004,6B9B8A0F,?,?), ref: 6B9CF512
                                                                                                                                                                                                    • Part of subcall function 6B9CF4F1: _CxxThrowException.MSVCR100(?,6B9F9388), ref: 6B9CF537
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CallEnv@8ExceptionInstanceMethodNameName@12Throw
                                                                                                                                                                                                  • String ID: (Ljava/awt/AWTEvent;)V$postEvent
                                                                                                                                                                                                  • API String ID: 2443027089-4114778031
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9B425C
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CreateCurrentEnv@8EventExceptionH_prolog3_catchObjectSingleThreadThrowWait
                                                                                                                                                                                                  • String ID: Ljava/lang/String;$alignment$text
                                                                                                                                                                                                  • API String ID: 2376344244-2957038647
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B99098A
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CreateCurrentEnv@8EventExceptionH_prolog3_catchObjectSingleThreadThrowWait
                                                                                                                                                                                                  • String ID: Ljava/lang/String;$java/awt/Button$label
                                                                                                                                                                                                  • API String ID: 2376344244-3340982351
                                                                                                                                                                                                  • Opcode ID: d173d9941eb3b1e112d1fa203693e60849d0fd2283c62aa1f1700252228a70fa
                                                                                                                                                                                                  • Instruction ID: 0020da31c0d878ff1578d778b7ed9f66253bb97c5117524e505b93357502a8f9
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d173d9941eb3b1e112d1fa203693e60849d0fd2283c62aa1f1700252228a70fa
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 44E09A78A01610ABEB41EF719849F8E3268AF6030EF148459A8849F340CB3CDA42CB76
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • JNU_CallStaticMethodByName.JAVA(?,00000000,sun/java2d/d3d/D3DSurfaceData,dispose,(J)V,?), ref: 6B93C7A1
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CallMethodNameStatic
                                                                                                                                                                                                  • String ID: (J)V$dispose$sun/java2d/d3d/D3DSurfaceData
                                                                                                                                                                                                  • API String ID: 284522041-151686029
                                                                                                                                                                                                  • Opcode ID: 26eebc502cdbc454d12e415bdf361b40b2ef93213aad8c449a6b9dacfe945daf
                                                                                                                                                                                                  • Instruction ID: 5e9de065337063ee5dea4ef44e4dce8cff524c9ec4aef0611648d4ae4ae470da
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 26eebc502cdbc454d12e415bdf361b40b2ef93213aad8c449a6b9dacfe945daf
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1AD012B9604A103EE502A5258C45F1623AD9BD4518F84C4447544F2161E22CE400853A
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                  • Opcode ID: 6b6826908935da724c6e618a82291c22a0d6238560b0de2c471ba2651148c0c1
                                                                                                                                                                                                  • Instruction ID: 7e90c06762e8450ad2b077f4634480427ea09d41ca98104e3c49ec49b0812308
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6b6826908935da724c6e618a82291c22a0d6238560b0de2c471ba2651148c0c1
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7402E6B2A19340EBD7916E50D24929ABFB4FF81790FA15C48F4D5610ADFB3288748F87
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ceilfloor
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 43245620-0
                                                                                                                                                                                                  • Opcode ID: c12ba110d9daa62673a453e3b066311c91dd7bcf4eccfddd245e121594c68de9
                                                                                                                                                                                                  • Instruction ID: 371239b809da25c7f67483f7cb169f8b50799786f6fb0865f74ebd8a7b40b79d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c12ba110d9daa62673a453e3b066311c91dd7bcf4eccfddd245e121594c68de9
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F2B10272A19300EBD7417E60D24919ABFB4FF81790FA24C48F4D5611ADEB3288758F87
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch_GS.LIBCMT ref: 6B9B4EC2
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002,00000040,6B9C7074,?), ref: 6B9B4EE3
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Env@8H_prolog3_catch_
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 768342862-0
                                                                                                                                                                                                  • Opcode ID: d78db7c9f90ec0a8406c04866d8504d7402d94ef08e3005dd83c247c752aebec
                                                                                                                                                                                                  • Instruction ID: 3fe9257c2091268353cfed64e6f7916a988ee024b9574647d04c18292d0460ba
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d78db7c9f90ec0a8406c04866d8504d7402d94ef08e3005dd83c247c752aebec
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 37713D71A00208AFDF15DFB9CC85EAEBBB9EF08324F104619F155A62A0DB75E941CF20
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GlobalLock.KERNEL32(?), ref: 6B9BEA92
                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(?), ref: 6B9BEAAF
                                                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 6B9BEB82
                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 6B9BEBDC
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Global$LockUnlock
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2502338518-0
                                                                                                                                                                                                  • Opcode ID: 0495fcae320bdfcd36dee901d7b479a2633c3beacb7fc84bca758f08d47f9191
                                                                                                                                                                                                  • Instruction ID: 38abd8afb94f23b5d7e421cbbddac288d091eef876750c021d583559726f67c7
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0495fcae320bdfcd36dee901d7b479a2633c3beacb7fc84bca758f08d47f9191
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4471C570904A0AFBCF04AF75D8859AEBFB8FF08308F1188ADE49492250DB35D964CB51
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ?UpdateState@D3DContext@@QAEJC@Z.AWT(00000020,?,00000001,?,?), ref: 6B93226F
                                                                                                                                                                                                  • _SurfaceData_IntersectBoundsXYXY@20.AWT(?,00000000,00000000,00000000,00000002,00000020,?,00000001,?,?), ref: 6B9322FC
                                                                                                                                                                                                  • ?GetClipType@D3DContext@@QAE?AW4ClipType@@XZ.AWT(?,00000000,00000000,00000000,00000002,00000020,?,00000001,?,?), ref: 6B932303
                                                                                                                                                                                                  • _SurfaceData_IntersectBoundsXYXY@20.AWT(?,?,?,?,?,?,00000001,?,?), ref: 6B93233A
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: BoundsClipContext@@Data_IntersectSurfaceY@20$State@Type@Type@@Update
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1317578984-0
                                                                                                                                                                                                  • Opcode ID: 6a8021a115d77095aec81adb4a8a9988b80cd355dd2ad06ab4b837b91ca917c9
                                                                                                                                                                                                  • Instruction ID: 08777895f7a45db2df82ccbe63341534b35308f06a0e2e6fa0952fe4fa37201e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6a8021a115d77095aec81adb4a8a9988b80cd355dd2ad06ab4b837b91ca917c9
                                                                                                                                                                                                  • Instruction Fuzzy Hash: DF811DB5A083419FC324CF2AC590A6EBBE6BFD8704F50892DF19987250DB31E944CB92
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: wcscpy$_logfwcschrwcsstr
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2040597972-0
                                                                                                                                                                                                  • Opcode ID: 477a4c319cb2c5ba0a11f148e9b7eb47cfe5bb93f1fbff61224f3bf3e380abd2
                                                                                                                                                                                                  • Instruction ID: d7d9bd4671243e01c06578a1e671dd6a98ef7dedb1436ac662b261b0e234f13f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 477a4c319cb2c5ba0a11f148e9b7eb47cfe5bb93f1fbff61224f3bf3e380abd2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1A417C72904258DBDB209FB9CD45BDDBBB8EF59344F4081AAE518E3242D738C985CF61
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Version$memset
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3607446104-0
                                                                                                                                                                                                  • Opcode ID: fecffabe39d6d569a8ccc82ac985278488e5a9442ff3389bfb25c8d50e8ab119
                                                                                                                                                                                                  • Instruction ID: fa0f94994318b90e4a1c2aac58ba4972526f5891d1678b435ae46d5cd5a4dbfd
                                                                                                                                                                                                  • Opcode Fuzzy Hash: fecffabe39d6d569a8ccc82ac985278488e5a9442ff3389bfb25c8d50e8ab119
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0041497190021DAFDB20EFA5DD89EEEBBB9EF49304F10516AE90AAB250D734D905CF50
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6B9C65D9
                                                                                                                                                                                                    • Part of subcall function 6B9C5EF0: GetCurrentThreadId.KERNEL32 ref: 6B9C5F2E
                                                                                                                                                                                                    • Part of subcall function 6B9719A5: __EH_prolog3.LIBCMT ref: 6B9719AC
                                                                                                                                                                                                    • Part of subcall function 6B9719A5: _JNU_GetEnv@8.JAVA(00010002,00000004,6B9C6600), ref: 6B9719BC
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(6BDC5A58,00010002), ref: 6B9C6610
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(1588F0E8), ref: 6B9C66DF
                                                                                                                                                                                                  • CloseHandle.KERNEL32(000005E0), ref: 6B9C66EB
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CurrentEnv@8Thread$??3@CloseH_prolog3Handle
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1134480261-0
                                                                                                                                                                                                  • Opcode ID: f5b40b8234d846bba865e8f764f6cde095466041cd987d9e73c3d1140b196e6d
                                                                                                                                                                                                  • Instruction ID: fd20753baae82b729549bac0d4f95e667c39da5ee966c0e3f381b62ace05acb8
                                                                                                                                                                                                  • Opcode Fuzzy Hash: f5b40b8234d846bba865e8f764f6cde095466041cd987d9e73c3d1140b196e6d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6331A5B6918318ABDB40DFB5DD4682B77ACFB5A344780C519F505D3600DB3AE406CB62
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9B2AC6
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • wcslen.MSVCR100 ref: 6B9B2B22
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B9B2B3B
                                                                                                                                                                                                  • _CxxThrowException.MSVCR100(?,6B9F9388), ref: 6B9B2B5C
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125584471.000000006B920000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125692771.000000006B9D9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125730889.000000006BA14000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125756269.000000006BA16000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125781488.000000006BA17000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125806593.000000006BA18000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125831151.000000006BA19000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1A000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125859096.000000006BA1D000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  • Associated: 00000009.00000002.2125903563.000000006BA40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ExceptionThrow$CreateCurrentEnv@8EventH_prolog3_catchObjectSingleThreadWaitfreewcslen
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3923742239-0
                                                                                                                                                                                                  • Opcode ID: 13de772f9760fe15ab16260f18d6fa2b1ae08b09b6e9ba756cedd35d5721a216
                                                                                                                                                                                                  • Instruction ID: dfd5a01d9f61d9cd0b318370cd758d22d8450d03833c48c93b6874d903a888cc
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 13de772f9760fe15ab16260f18d6fa2b1ae08b09b6e9ba756cedd35d5721a216
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1A115B36508624A78B10DF7588899AF7F6DEF97358750855DF02497241CF3CC602C7E1
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Version$LibraryLoadSystem
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 58072918-0
                                                                                                                                                                                                  • Opcode ID: 9652a3f8317250f1adb3be7899aa42b3dcfcf70eda33b94791a72f25bd3049eb
                                                                                                                                                                                                  • Instruction ID: 87ed892b95c13258fcb3cbd9f951c21eff9136561951dcb1ac63f2e200eabf9c
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9652a3f8317250f1adb3be7899aa42b3dcfcf70eda33b94791a72f25bd3049eb
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 55018831944119AFDB21AF698C04BFA37FEEF86721F054076F98497160C738C85397A6
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                  • _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                  • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CreateCurrentEventExceptionObjectSingleThreadThrowWait
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 2689870154-0
                                                                                                                                                                                                  • Opcode ID: d4df71d698e6ba95025faed3d84ada2a6ae292cbed19043ea356f8f297078547
                                                                                                                                                                                                  • Instruction ID: 8604e04118a80a4249c0c62a7d5ea514c9c55745ba143a66e7b7fceee9e731a8
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d4df71d698e6ba95025faed3d84ada2a6ae292cbed19043ea356f8f297078547
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4601F131A48708FBDF009FA5DC15B9AB7B8F746721FA04626F919A36C0C738D0088A61
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • getEncodingFromLangID.JAVA(?,00000000,?,00000000,?,6B99381F,?,00000000), ref: 6B99C3B1
                                                                                                                                                                                                  • strlen.MSVCR100 ref: 6B99C3B9
                                                                                                                                                                                                  • _CxxThrowException.MSVCR100(?,6B9F9388), ref: 6B99C3E9
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B99C3FF
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: EncodingExceptionFromLangThrowfreestrlen
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 4163818016-0
                                                                                                                                                                                                  • Opcode ID: 2b0fbed44637b01344508b5e64d223e95e78070bfa80741ff9c6f95ce2583e42
                                                                                                                                                                                                  • Instruction ID: 9d31cc0109b3bb58a426c6026d44b1d87719d856a4230a97ccd17ee09a15ec32
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2b0fbed44637b01344508b5e64d223e95e78070bfa80741ff9c6f95ce2583e42
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4CF0A936109248BFDB015FA9DC89DEE3B7CEF8A264F148029FD488B101DB35D9018F60
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9BAFA3
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • _control87.MSVCR100 ref: 6B9BAFD3
                                                                                                                                                                                                  • _control87.MSVCR100 ref: 6B9BAFE4
                                                                                                                                                                                                  • _control87.MSVCR100 ref: 6B9BAFEF
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: _control87$CreateCurrentEnv@8EventExceptionH_prolog3_catchObjectSingleThreadThrowWait
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 295899318-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9BCE0D
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 6B9BCE35
                                                                                                                                                                                                  • wcslen.MSVCR100 ref: 6B9BCE45
                                                                                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 6B9BCE61
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Global$CreateCurrentEnv@8EventExceptionH_prolog3_catchLockObjectSingleThreadThrowUnlockWaitwcslen
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1282198705-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • malloc.MSVCR100 ref: 6B9D0533
                                                                                                                                                                                                  • _JNU_ThrowOutOfMemoryError@8.JAVA(?,Out of memory), ref: 6B9D0550
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Error@8MemoryThrowmalloc
                                                                                                                                                                                                  • String ID: Out of memory
                                                                                                                                                                                                  • API String ID: 2835357624-696950042
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: freemalloc
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 3061335427-0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3.LIBCMT ref: 6B998A2C
                                                                                                                                                                                                    • Part of subcall function 6B94F846: __EH_prolog3.LIBCMT ref: 6B94F84D
                                                                                                                                                                                                    • Part of subcall function 6B9D4232: __onexit.MSVCRT ref: 6B9D423A
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: H_prolog3$__onexit
                                                                                                                                                                                                  • String ID: Dead Key Flags$VKEY translations
                                                                                                                                                                                                  • API String ID: 896046064-1120667548
                                                                                                                                                                                                  • Opcode ID: 648593977b77c07e6ac6e6e2eba2810bd9011acb992b4ad6bd076cd73514880b
                                                                                                                                                                                                  • Instruction ID: c09685a669a7dea6dee36a9136f45a9480bca41e9226942b0b8fea934df5f51a
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 648593977b77c07e6ac6e6e2eba2810bd9011acb992b4ad6bd076cd73514880b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2B515871A48206DBEB68AF349CC27BE77B9AB16398F08416DD452AB1C0DB7CC501C761
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B990651
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Env@8
                                                                                                                                                                                                  • String ID: (IIII)V$handlePaint
                                                                                                                                                                                                  • API String ID: 97469293-1160853741
                                                                                                                                                                                                  • Opcode ID: c1af6f2214359931646a5c11a284b5274fb4b0bb32badef2d4cf253e0757bbd3
                                                                                                                                                                                                  • Instruction ID: e7668623a2b157defb48f29dbaee048f84c4e62b53574b228759c5d8d37a056b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c1af6f2214359931646a5c11a284b5274fb4b0bb32badef2d4cf253e0757bbd3
                                                                                                                                                                                                  • Instruction Fuzzy Hash: F7514972900208AFDF41DFE8DD86EAEBBB9AF09314F488155F911EB251D735D901CB60
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_ThrowOutOfMemoryError@8.JAVA(?,Out of Memory,?,?,?,?), ref: 6B9AC6A2
                                                                                                                                                                                                  • memcpy.MSVCR100(00000000,?,?,?,?,?,?), ref: 6B9AC70D
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Error@8MemoryThrowmemcpy
                                                                                                                                                                                                  • String ID: Out of Memory
                                                                                                                                                                                                  • API String ID: 3747114692-774281260
                                                                                                                                                                                                  • Opcode ID: 50ec8e796e05b5a65db5d9e28d9b5cf8f36399d7bdccfe1bc9301120578206c1
                                                                                                                                                                                                  • Instruction ID: 61feac0f3b0453470280443ed7a03691b177e35d2600e348e859a87626a32b7b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 50ec8e796e05b5a65db5d9e28d9b5cf8f36399d7bdccfe1bc9301120578206c1
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8B51D6352046059FD300DF69DC80E6BB3E9EFC9714F60496CF5588B341D73AE9068BA6
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_ThrowOutOfMemoryError@8.JAVA(?,Out of Memory,?,?,?,?,?,?,?,?,?,?,?,00000001,?,?), ref: 6B9AC52F
                                                                                                                                                                                                  • memcpy.MSVCR100(?,00000000,?), ref: 6B9AC5CE
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Error@8MemoryThrowmemcpy
                                                                                                                                                                                                  • String ID: Out of Memory
                                                                                                                                                                                                  • API String ID: 3747114692-774281260
                                                                                                                                                                                                  • Opcode ID: 293ec30cf28ad1e865397117ec7e31a2045163e16c8367387ad9f7b1f46d1f72
                                                                                                                                                                                                  • Instruction ID: 89d4f80a1930dc7ad4d2a07e6087da5b98375a82064c39755c5c175745d5f950
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 293ec30cf28ad1e865397117ec7e31a2045163e16c8367387ad9f7b1f46d1f72
                                                                                                                                                                                                  • Instruction Fuzzy Hash: B7416F712086019FD304DF69DC80E6BB3E9EFC9314F544A5DF5988B341DB39E9068BA5
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000003,00000001,D3DInitializer::InitImpl,C7CC4567,?,?,?,?,?,?,6B9D4FFB,000000FF), ref: 6B939BE0
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: _J2dTraceInit@0.AWT(?,6B924EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B97EA63
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EABA
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: vfprintf.MSVCR100 ref: 6B97EACB
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EAE5
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fflush.MSVCR100 ref: 6B97EAEF
                                                                                                                                                                                                  • ?CreateInstance@D3DPipelineManager@@CAPAV1@XZ.AWT ref: 6B939BF9
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • D3DInitializer::InitImpl, xrefs: 6B939BD7
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Tracefprintf$CreateImplInit@0Instance@Manager@@Pipelinefflushvfprintf
                                                                                                                                                                                                  • String ID: D3DInitializer::InitImpl
                                                                                                                                                                                                  • API String ID: 318773428-4052130068
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • Error:%08x in CoCreateInstance( CLSID_DragDropHelper, NULL, CLSCTX_ALL, IID_IDragSourceHelper, (LPVOID*)&pHelper), xrefs: 6B9A0DAD
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: H_prolog3_catch_com_raise_error
                                                                                                                                                                                                  • String ID: Error:%08x in CoCreateInstance( CLSID_DragDropHelper, NULL, CLSCTX_ALL, IID_IDragSourceHelper, (LPVOID*)&pHelper)
                                                                                                                                                                                                  • API String ID: 126908072-3748714036
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • TlsGetValue.KERNEL32(FFFFFFFF), ref: 6B94E168
                                                                                                                                                                                                  • _JNU_ThrowInternalError@8.JAVA(?,Unmatched unlock on Win32 SurfaceData), ref: 6B94E19A
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • Unmatched unlock on Win32 SurfaceData, xrefs: 6B94E194
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Error@8InternalThrowValue
                                                                                                                                                                                                  • String ID: Unmatched unlock on Win32 SurfaceData
                                                                                                                                                                                                  • API String ID: 375967300-3804228358
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • memset.MSVCR100 ref: 6B93AE7C
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,D3DRenderQueue_flushBuffer: cannot get direct buffer address), ref: 6B93AE98
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: _J2dTraceInit@0.AWT(?,6B924EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B97EA63
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EABA
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: vfprintf.MSVCR100 ref: 6B97EACB
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EAE5
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fflush.MSVCR100 ref: 6B97EAEF
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • D3DRenderQueue_flushBuffer: cannot get direct buffer address, xrefs: 6B93AE8F
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Tracefprintf$ImplInit@0fflushmemsetvfprintf
                                                                                                                                                                                                  • String ID: D3DRenderQueue_flushBuffer: cannot get direct buffer address
                                                                                                                                                                                                  • API String ID: 3389570045-1475403500
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch_GS.LIBCMT ref: 6B9CA4A1
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • _JNU_ThrowInternalError@8.JAVA(?,Could not set display mode), ref: 6B9CA53E
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • Could not set display mode, xrefs: 6B9CA538
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Throw$CreateCurrentEnv@8Error@8EventExceptionH_prolog3_catch_InternalObjectSingleThreadWait
                                                                                                                                                                                                  • String ID: Could not set display mode
                                                                                                                                                                                                  • API String ID: 4046991326-2564335639
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9CCD07
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,raster data), ref: 6B9CCD41
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Exception@8H_prolog3_catchNullPointerThrow
                                                                                                                                                                                                  • String ID: raster data
                                                                                                                                                                                                  • API String ID: 3197484656-3234502937
                                                                                                                                                                                                  • Opcode ID: 53a2214dbd8a8732cefd69eced94daecd36a7f5d3ab1892346eec296e33704a2
                                                                                                                                                                                                  • Instruction ID: 15d86a8e9414426d01b5ab65fa6dd73aa2511ffd216280e28f75cc90c3aeb5a8
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 53a2214dbd8a8732cefd69eced94daecd36a7f5d3ab1892346eec296e33704a2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: C3012DB0900609AFDB11DFB8C889DAE7BB9EF49314B108569F9159B250D734DA418FA1
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(00000000), ref: 6B938407
                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000), ref: 6B938427
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ??3@HandleModule
                                                                                                                                                                                                  • String ID: D3DFocusWindow
                                                                                                                                                                                                  • API String ID: 3964191634-2134717817
                                                                                                                                                                                                  • Opcode ID: 0e0d87c67c76fb7bf6d77992878622c2872ab18849921ac72cbf8ad86d243ef7
                                                                                                                                                                                                  • Instruction ID: 12102b5e276dd19532489fb043972d3501d64b67633b6fac13a18996c56c332f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0e0d87c67c76fb7bf6d77992878622c2872ab18849921ac72cbf8ad86d243ef7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 53017C712047109BD7749F7AD8D8B57B3A8EF55314F108A2DE4A2C7A91C778E485CBA0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_GetEnv@8.JAVA(00010002), ref: 6B9CC246
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Env@8
                                                                                                                                                                                                  • String ID: ()V$draggedToNewScreen
                                                                                                                                                                                                  • API String ID: 97469293-3485263820
                                                                                                                                                                                                  • Opcode ID: 93426ab2a2b20a62044caa8f4a4421a77211895c3875f09b7862fef2f5bc7880
                                                                                                                                                                                                  • Instruction ID: d2c4efae3d6878a1ba63eb6c7582872c793348a677ca7e5cae942e8f5e0e6d5b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 93426ab2a2b20a62044caa8f4a4421a77211895c3875f09b7862fef2f5bc7880
                                                                                                                                                                                                  • Instruction Fuzzy Hash: AA016D71200505BFD7119FA9CC89EEAB7FCEF59259B000175F958D7211DB29DC11CBA1
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • _JNU_ThrowInternalError@8.JAVA(?,Could not get desktop shell folder ID list), ref: 6B979BAE
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • Could not get desktop shell folder, xrefs: 6B979BA6
                                                                                                                                                                                                  • Could not get desktop shell folder ID list, xrefs: 6B979BE3
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Error@8InternalThrow
                                                                                                                                                                                                  • String ID: Could not get desktop shell folder$Could not get desktop shell folder ID list
                                                                                                                                                                                                  • API String ID: 3981042242-1859403181
                                                                                                                                                                                                  • Opcode ID: 0af02ac3b42c54b96008124c1a5b46f72f3e8b21bfe496ff9b08236f66ad4399
                                                                                                                                                                                                  • Instruction ID: f0b94c8f1d991500f064019066ccc8583296e09eb3e83244b945f56a4528f4b0
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0af02ac3b42c54b96008124c1a5b46f72f3e8b21bfe496ff9b08236f66ad4399
                                                                                                                                                                                                  • Instruction Fuzzy Hash: AAF0AFB1148104BFDF51ABA4CC02FAA3BADEB42644F40C070F90598051F375DA119B31
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000003,00000001,D3DContext::ResetContext), ref: 6B9362E5
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: _J2dTraceInit@0.AWT(?,6B924EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B97EA63
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EABA
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: vfprintf.MSVCR100 ref: 6B97EACB
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EAE5
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fflush.MSVCR100 ref: 6B97EAEF
                                                                                                                                                                                                  • ?ConfigureContext@D3DContext@@QAEJPAU_D3DPRESENT_PARAMETERS_@@@Z.AWT(?), ref: 6B936324
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • D3DContext::ResetContext, xrefs: 6B9362D5
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Tracefprintf$ConfigureContext@Context@@ImplInit@0S_@@@fflushvfprintf
                                                                                                                                                                                                  • String ID: D3DContext::ResetContext
                                                                                                                                                                                                  • API String ID: 2579119972-1876289660
                                                                                                                                                                                                  • Opcode ID: d53bcc281c88d0f2028e356c83fc5b4e863568f557caece1213e300955a72a9a
                                                                                                                                                                                                  • Instruction ID: c543920607a5aeeb8696b95c564bec5765d67340bd3c381fe1cf7146a09f429f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d53bcc281c88d0f2028e356c83fc5b4e863568f557caece1213e300955a72a9a
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 64F06271A44310ABDB00DE649C816DA7BD4EB843A0F40447EFE5DE7250D679D545CBA2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9A8D2D
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,str argument,0000000C), ref: 6B9A8D4E
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Throw$CreateCurrentEnv@8EventExceptionException@8H_prolog3_catchNullObjectPointerSingleThreadWait
                                                                                                                                                                                                  • String ID: str argument
                                                                                                                                                                                                  • API String ID: 608574450-2122614655
                                                                                                                                                                                                  • Opcode ID: a8797d349c82ea08ea7f44e8877725cb5b3c31316fb5931efeab1f644007b6c0
                                                                                                                                                                                                  • Instruction ID: b2ebd1db208d358d172fec129b9aa4abb6618e9fc9b49ad6bdddc3ab4f2150dc
                                                                                                                                                                                                  • Opcode Fuzzy Hash: a8797d349c82ea08ea7f44e8877725cb5b3c31316fb5931efeab1f644007b6c0
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E7F0AF34A04200ABCF519FB58C49E9E3BB8AF5A209B04C925F90496200C739C611DBB2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,preferredSize,(I)Ljava/awt/Dimension;,00000001), ref: 6B9B46E5
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CallMethodName
                                                                                                                                                                                                  • String ID: (I)Ljava/awt/Dimension;$preferredSize
                                                                                                                                                                                                  • API String ID: 4012259957-137616840
                                                                                                                                                                                                  • Opcode ID: cadfb3b7d4c343a937aadd4e7f878d4f99105b8de8498fddd35f82e264b260f7
                                                                                                                                                                                                  • Instruction ID: 8de8dbe2eab557c6cb716a4ffb17f278b2388b70a6e5bf3ff63e4d28850dfb6b
                                                                                                                                                                                                  • Opcode Fuzzy Hash: cadfb3b7d4c343a937aadd4e7f878d4f99105b8de8498fddd35f82e264b260f7
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 44F0A7722111017BE7051B949C86FAB765DDF86258F14403AB600A7240DBA9AC028BB4
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(?,00000000,?,preferredSize,()Ljava/awt/Dimension;), ref: 6B9923C7
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CallMethodName
                                                                                                                                                                                                  • String ID: ()Ljava/awt/Dimension;$preferredSize
                                                                                                                                                                                                  • API String ID: 4012259957-3790510051
                                                                                                                                                                                                  • Opcode ID: 623e0f85c84f33d17931db05d84bd42b4e8dcbc4a12635f6af43caf7b6e0a3c2
                                                                                                                                                                                                  • Instruction ID: c86a7596408be5a9507cd0007040bc94d323285f881e8e3cb84da424f7f01093
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 623e0f85c84f33d17931db05d84bd42b4e8dcbc4a12635f6af43caf7b6e0a3c2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 82F0E5B22111017FE7056B98EC46EEB769DDFC6258B14403AF60197200DBAAED02CBB0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9A5BA2
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CreateCurrentEnv@8EventExceptionH_prolog3_catchObjectSingleThreadThrowWait
                                                                                                                                                                                                  • String ID: Ljava/lang/Object;$target
                                                                                                                                                                                                  • API String ID: 2376344244-2040044979
                                                                                                                                                                                                  • Opcode ID: 5a1ef24780c4b3a342b222f4a3108bc7a67503e7f66977e20599b9aacc7af928
                                                                                                                                                                                                  • Instruction ID: 7522deca91e1f2d4d09a0e7c9cd6801f5af5e9dc07959e462da02deef34cae51
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5a1ef24780c4b3a342b222f4a3108bc7a67503e7f66977e20599b9aacc7af928
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 27F01979544600EBDB51AF758809F8A3BB8AF5932AB50C454F9549B250CB38C541CF25
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000031), ref: 6B9C42DD
                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000032), ref: 6B9C42E3
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: MetricsSystem
                                                                                                                                                                                                  • String ID: AWT_ICON
                                                                                                                                                                                                  • API String ID: 4116985748-964608939
                                                                                                                                                                                                  • Opcode ID: 14434d610cee2636b2b2a74d72a8303949ba1e4e48be5e45d192cbb4add4badd
                                                                                                                                                                                                  • Instruction ID: f223e7478a6dc2a3b6471c092ae2af9be5bfac86a04ca76a52864285b6f659f7
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 14434d610cee2636b2b2a74d72a8303949ba1e4e48be5e45d192cbb4add4badd
                                                                                                                                                                                                  • Instruction Fuzzy Hash: BDF0B471718300ABDEA09A65DD46B463BBCE7C6790FC18156E124D7780C274D4028F62
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9A8CB7
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  • _JNU_ThrowNullPointerException@8.JAVA(?,fontMetrics' font), ref: 6B9A8CE9
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Throw$CreateCurrentEnv@8EventExceptionException@8H_prolog3_catchNullObjectPointerSingleThreadWait
                                                                                                                                                                                                  • String ID: fontMetrics' font
                                                                                                                                                                                                  • API String ID: 608574450-1502647170
                                                                                                                                                                                                  • Opcode ID: 5272b8d91f9597dfb43acc156df412efaef486d128bcffd36d6b4581f31cd052
                                                                                                                                                                                                  • Instruction ID: 6859e25aca8cadbdadc7608a49ddf4f6978ffd911ca3fe09f7c059b15637a4ac
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5272b8d91f9597dfb43acc156df412efaef486d128bcffd36d6b4581f31cd052
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 28F0E235509510AFDB159F718805F8D3379BF1530EF10C048F9446A140CB3DD601CF26
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9C0401
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CreateCurrentEnv@8EventExceptionH_prolog3_catchObjectSingleThreadThrowWait
                                                                                                                                                                                                  • String ID: blockIncrement$unitIncrement
                                                                                                                                                                                                  • API String ID: 2376344244-3253556574
                                                                                                                                                                                                  • Opcode ID: d2f9fa550dfd4dd9ef709b75f0f5d18d773c36c08ac5b25cec02917a774d4860
                                                                                                                                                                                                  • Instruction ID: f04103e404fddfc12a8aeccabab664c402ccddf233cf040ec22d088ed2696a1e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: d2f9fa550dfd4dd9ef709b75f0f5d18d773c36c08ac5b25cec02917a774d4860
                                                                                                                                                                                                  • Instruction Fuzzy Hash: CAF03079504A04EBEF50AF75C849F8E3BB9AF5932AF10C454B9485B241CB3DC541CB62
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9C8686
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CreateCurrentEnv@8EventExceptionH_prolog3_catchObjectSingleThreadThrowWait
                                                                                                                                                                                                  • String ID: Ljava/lang/String;$actionCommand
                                                                                                                                                                                                  • API String ID: 2376344244-237537758
                                                                                                                                                                                                  • Opcode ID: 39fe7637f054cbd8235347ef999e1dd4325063a62ee9ec87b705c61cb977828d
                                                                                                                                                                                                  • Instruction ID: 89930df92eada1dd34be310ad9c6ae1a8ae4d1a74e82a94eb1dffc0cd0ef7fb9
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 39fe7637f054cbd8235347ef999e1dd4325063a62ee9ec87b705c61cb977828d
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A3F08C78504A10ABEB41AFB08809F8A3AB4BF1431AF10C455B9645F241DB38C501CB72
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • J2dTraceImpl.AWT(00000001,00000001,OGLGC_DestroyOGLGraphicsConfig: info is null,?,6B96D805,?,?,000000FF), ref: 6B98CBC2
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: _J2dTraceInit@0.AWT(?,6B924EE4,00000001,00000001,BufferedMaskBlit_enqueueTile: cannot lock mask array), ref: 6B97EA63
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EABA
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: vfprintf.MSVCR100 ref: 6B97EACB
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fprintf.MSVCR100 ref: 6B97EAE5
                                                                                                                                                                                                    • Part of subcall function 6B97EA57: fflush.MSVCR100 ref: 6B97EAEF
                                                                                                                                                                                                  • free.MSVCR100 ref: 6B98CBDA
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  • OGLGC_DestroyOGLGraphicsConfig: info is null, xrefs: 6B98CBB9
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: Tracefprintf$ImplInit@0fflushfreevfprintf
                                                                                                                                                                                                  • String ID: OGLGC_DestroyOGLGraphicsConfig: info is null
                                                                                                                                                                                                  • API String ID: 320543924-797612303
                                                                                                                                                                                                  • Opcode ID: 9f066bc572c24415830ddfeefe6060efa1c09aa6281aa4dd376784a49f9a36f2
                                                                                                                                                                                                  • Instruction ID: 3ce4df9732437eab1eac5031d4a0ecd3658f82d2cce8b6c62e736e2da3470c51
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9f066bc572c24415830ddfeefe6060efa1c09aa6281aa4dd376784a49f9a36f2
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9CD0C232D14D2023C6512629B802FCB23685FD1B25F0A4969F40437120C755E9C180E2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9BA696
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                    • Part of subcall function 6B9B94D6: __EH_prolog3_catch.LIBCMT ref: 6B9B94DD
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: H_prolog3_catch$CreateCurrentEnv@8EventExceptionObjectSingleThreadThrowWait
                                                                                                                                                                                                  • String ID: Ljava/awt/print/PrinterJob;$pjob
                                                                                                                                                                                                  • API String ID: 1199141719-2582049136
                                                                                                                                                                                                  • Opcode ID: 4b1f9edc39d0dc229f6d5f564270d77d45c37f8550005c4e708655640114a765
                                                                                                                                                                                                  • Instruction ID: 20a0b315fa6255258d07b9c45b8a28ade76ce514596447f73963b537b158d16f
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4b1f9edc39d0dc229f6d5f564270d77d45c37f8550005c4e708655640114a765
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6BE04F79504614ABEB14AFB19846B8E7B75AF2422EF20C045F9541A381CB3ECB418FA6
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9B88E6
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CreateCurrentEnv@8EventExceptionH_prolog3_catchObjectSingleThreadThrowWait
                                                                                                                                                                                                  • String ID: Ljava/awt/Insets;$insets_
                                                                                                                                                                                                  • API String ID: 2376344244-797675677
                                                                                                                                                                                                  • Opcode ID: 4b798896551c150b61cdbd8458537ed26e687b8e80df270725480f9e863f670b
                                                                                                                                                                                                  • Instruction ID: fdbe4704628bbea6970feb3e9243c567275760a471a2aa496bd513430d27f74e
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4b798896551c150b61cdbd8458537ed26e687b8e80df270725480f9e863f670b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1CE0EC78A04204ABDB40DBB1C54AB4D36796BA531EF10C554B5154E340CB3DC601CF26
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9BAD83
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CreateCurrentEnv@8EventExceptionH_prolog3_catchObjectSingleThreadThrowWait
                                                                                                                                                                                                  • String ID: Ljava/awt/print/PageFormat;$page
                                                                                                                                                                                                  • API String ID: 2376344244-1475000988
                                                                                                                                                                                                  • Opcode ID: db1a45eb4febab35d928ab9a76a804a45db20c5d891346d4570682e58c0f0ecd
                                                                                                                                                                                                  • Instruction ID: e1d61358f6ca190c623148360bb109a8d021d766b28d6bfb77fa3bde66d5ba5d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: db1a45eb4febab35d928ab9a76a804a45db20c5d891346d4570682e58c0f0ecd
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 62E01278504604EBDB50EBB1C49AB4D36756F6531EF54C454A6099F240CB3DC505CF77
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • __EH_prolog3_catch.LIBCMT ref: 6B9C0470
                                                                                                                                                                                                    • Part of subcall function 6B9CF49D: _JNU_GetEnv@8.JAVA(6BDC5A58,00010002,6B9CA2EA,00000004,6B937083,?,00000020,?,00000020,?), ref: 6B9CF4AC
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: GetCurrentThreadId.KERNEL32 ref: 6B9C448B
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: _CxxThrowException.MSVCR100(?,6B9F9788), ref: 6B9C44A7
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,000000FF,?,6B9F9788), ref: 6B9C44B6
                                                                                                                                                                                                    • Part of subcall function 6B9C4450: WaitForSingleObject.KERNEL32(00000000), ref: 6B9C44BD
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CreateCurrentEnv@8EventExceptionH_prolog3_catchObjectSingleThreadThrowWait
                                                                                                                                                                                                  • String ID: (IIIZ)V$postScrollEvent
                                                                                                                                                                                                  • API String ID: 2376344244-3229334872
                                                                                                                                                                                                  • Opcode ID: c706d944ef11f3819f46dcacf088166c180f2bf6ac4f607b7469875237fb6961
                                                                                                                                                                                                  • Instruction ID: 9ebc414d83c36480df71edb5fdd236502b50ea0ed2693d8d2859ec454599617d
                                                                                                                                                                                                  • Opcode Fuzzy Hash: c706d944ef11f3819f46dcacf088166c180f2bf6ac4f607b7469875237fb6961
                                                                                                                                                                                                  • Instruction Fuzzy Hash: A9E012B9900604EBDB00DBB1C94AB4D37756F6521FF20C454E6459F281CB3DC501CB22
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • JNU_CallMethodByName.JAVA(00000000,00000000,00000000,getItemImpl,(I)Ljava/lang/String;,6B9B51B8,00000000,00000000,?,6B9B51B8,00000000,00000000,00000000,?,00000000,00000000), ref: 6B994EDA
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: CallMethodName
                                                                                                                                                                                                  • String ID: (I)Ljava/lang/String;$getItemImpl
                                                                                                                                                                                                  • API String ID: 4012259957-3545066294
                                                                                                                                                                                                  • Opcode ID: 3ad1ab7b3fc4a50c5a3bd42a3887a4cf2219640dc240788b1933ef6d7f5fccff
                                                                                                                                                                                                  • Instruction ID: 41ba60406ae1a8d8b3dd24bb09f18769e2278903b16340d0d3cc5605f28ef152
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3ad1ab7b3fc4a50c5a3bd42a3887a4cf2219640dc240788b1933ef6d7f5fccff
                                                                                                                                                                                                  • Instruction Fuzzy Hash: E9D0A9B2400208BBEF029F44CD02F4E3F68AFA0208F208009BD0025410E2B6EA21ABB0
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  • ??3@YAXPAX@Z.MSVCR100(?), ref: 6B98EE65
                                                                                                                                                                                                  • _JNU_ThrowOutOfMemoryError@8.JAVA(?,?), ref: 6B98EE74
                                                                                                                                                                                                  Strings
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: ??3@Error@8MemoryThrow
                                                                                                                                                                                                  • String ID: OutOfMemoryError
                                                                                                                                                                                                  • API String ID: 1207968103-1421130177
                                                                                                                                                                                                  • Opcode ID: bd6840003d47a0bf3f1d8391bc81aaf2a8a5c7f5b4f9c89e9438f61431c34fd6
                                                                                                                                                                                                  • Instruction ID: 03bf12f100539830bd7c0e6784d31fd95d6e9bf5747d5b449b464239a23c3ffc
                                                                                                                                                                                                  • Opcode Fuzzy Hash: bd6840003d47a0bf3f1d8391bc81aaf2a8a5c7f5b4f9c89e9438f61431c34fd6
                                                                                                                                                                                                  • Instruction Fuzzy Hash: DDB09B30424B0457CF515F32DD0145D7D21BF7118CB40C414709419534C73EC8519F92
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: free
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 1294909896-0
                                                                                                                                                                                                  • Opcode ID: 262dda525ddfb1fbe2150475a281264525920f863b72fb3ab35e91f2ae96e996
                                                                                                                                                                                                  • Instruction ID: ebb54931f5b676c46ea017b38383e4bdf5593ca9a2000082dd8e529752050dff
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 262dda525ddfb1fbe2150475a281264525920f863b72fb3ab35e91f2ae96e996
                                                                                                                                                                                                  • Instruction Fuzzy Hash: FEE0657070470557EB00AA3AAC24FDF73DC6F81210F068478E899D3241E734F555CAA2
                                                                                                                                                                                                  APIs
                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                  • Source File: 00000009.00000002.2125608430.000000006B921000.00000020.00000001.01000000.00000017.sdmp, Offset: 6B920000, based on PE: true
                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_6b920000_javaw.jbxd
                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                  • API ID: free$ExceptionThrow
                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                  • API String ID: 4001284683-0
                                                                                                                                                                                                  • Opcode ID: 4d6840b0b3b8515721dba32921e98ecb696f1e68a525d79d4d60730e4f2cec1b
                                                                                                                                                                                                  • Instruction ID: a783f14c5a8ac0ee8e6391de3e6a9bd761d4cb5c549a5448761adac88ff09b23
                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4d6840b0b3b8515721dba32921e98ecb696f1e68a525d79d4d60730e4f2cec1b
                                                                                                                                                                                                  • Instruction Fuzzy Hash: 82E06532C0854EEE8F02AB91DC168FF7F35FF86250B140425E50072111DA25991ADB50