Windows Analysis Report
https://github.com/karakun/OpenWebStart/releases/download/v1.10.1/OpenWebStart_windows-x64_1_10_1.exe

Overview

General Information

Sample URL: https://github.com/karakun/OpenWebStart/releases/download/v1.10.1/OpenWebStart_windows-x64_1_10_1.exe
Analysis ID: 1560171
Infos:

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Exploit detected, runtime environment starts unknown processes
Sigma detected: Invoke-Obfuscation CLIP+ Launcher
Sigma detected: Invoke-Obfuscation VAR+ Launcher
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Startup Folder File Write
Sigma detected: Usage Of Web Request Commands And Cmdlets
Uses Microsoft's Enhanced Cryptographic Provider
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE126D9448 CryptAcquireContextA,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext, 9_2_00007FFE126D9448
Source: unknown HTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.199.110.133:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: Binary string: c:\workspace\openjdk-build\workspace\build\src\build\windows-x86_64-normal-server-release\jdk\objs\libzip\zip.pdb source: java.exe, 00000009.00000002.2761493217.00007FFE1463D000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: java.exe, 00000009.00000002.2761282766.00007FFE13252000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: c:\workspace\openjdk-build\workspace\build\src\build\windows-x86_64-normal-server-release\jdk\objs\java_objs\java.pdb source: java.exe, 00000009.00000002.2760730941.00007FF650F1E000.00000002.00000001.01000000.00000006.sdmp, java.exe, 00000009.00000000.2740873098.00007FF650F1E000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\workspace\openjdk-build\workspace\build\src\build\windows-x86_64-normal-server-release\hotspot\windows_amd64_compiler2\product\jvm.pdb source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3893713061.000000006646B000.00000002.00000001.01000000.00000009.sdmp, java.exe, 00000009.00000002.2750406984.000000006646B000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: c:\workspace\openjdk-build\workspace\build\src\build\windows-x86_64-normal-server-release\jdk\objs\libzip\zip.pdb(( source: java.exe, 00000009.00000002.2761493217.00007FFE1463D000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: c:\workspace\openjdk-build\workspace\build\src\build\windows-x86_64-normal-server-release\jdk\objs\libjava\java.pdb source: java.exe, 00000009.00000002.2761079778.00007FFE126EA000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: java.exe, 00000009.00000002.2762044738.00007FFE1A4CD000.00000002.00000001.01000000.00000007.sdmp
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650EF79F0 FindFirstFileA,FindNextFileA,strchr,FindClose, 9_2_00007FF650EF79F0
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650F15310 FindFirstFileExW, 9_2_00007FF650F15310
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE126D9EF0 wcslen,malloc,free,_errno,wcscpy,free,GetFileAttributesW,wcslen,wcscat,FindFirstFileW,free,GetLastError,wcscmp,wcscmp,wcslen,FindNextFileW,GetLastError,FindClose,FindClose,free, 9_2_00007FFE126D9EF0
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE126DB91C wcslen,FindFirstFileW,free,FindFirstFileW,FindClose,wcslen,wcslen,wcslen,_errno, 9_2_00007FFE126DB91C
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE126DB198 IsDBCSLeadByte,_fullpath,strlen,IsDBCSLeadByte,strchr,isalpha,toupper,strlen,FindFirstFileA,FindClose,strlen,strlen,_errno,_errno, 9_2_00007FFE126DB198
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE126DB5F8 malloc,_wfullpath,wcslen,wcsncmp,wcschr,towupper,_errno,_errno,free,wcslen,FindFirstFileW,free,FindFirstFileW,FindClose,wcslen,wcslen,_errno, 9_2_00007FFE126DB5F8
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE126D9C34 GetFileAttributesExW,GetLastError,FindFirstFileW,wcsrchr,wcscmp,FindClose,free, 9_2_00007FFE126D9C34
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE126DA5A8 GetFileAttributesExW,GetLastError,FindFirstFileW,FindClose, 9_2_00007FFE126DA5A8
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE13210E70 FindFirstFileExW,FindClose,wcscpy_s, 9_2_00007FFE13210E70
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File opened: c:\users\user\appdata\ Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File opened: c:\users\user\appdata\local\ Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File opened: c:\users\user\appdata\local\temp\ Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File opened: c:\users\user\appdata\local\temp\E4JA75~1.TMP\jre\ Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File opened: c:\users\user\ Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File opened: c:\users\user\appdata\local\temp\E4JA75~1.TMP\ Jump to behavior

Software Vulnerabilities

barindex
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Process created: C:\Windows\System32\conhost.exe
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /karakun/OpenWebStart/releases/download/v1.10.1/OpenWebStart_windows-x64_1_10_1.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like GeckoAccept: */*Accept-Encoding: identityHost: github.comConnection: Keep-Alive
Source: global traffic HTTP traffic detected: GET /github-production-release-asset-2e65be/187595602/0e11e7a6-f296-4016-9dc1-a83eb621d062?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20241121%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241121T125540Z&X-Amz-Expires=300&X-Amz-Signature=a248221241d7dcb97b5adb6f5cfd6839fd7720b81cb3a7c5836bea8b802a4058&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3DOpenWebStart_windows-x64_1_10_1.exe&response-content-type=application%2Foctet-stream HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like GeckoAccept: */*Accept-Encoding: identityHost: objects.githubusercontent.comConnection: Keep-Alive
Source: global traffic DNS traffic detected: DNS query: github.com
Source: global traffic DNS traffic detected: DNS query: objects.githubusercontent.com
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/allow-java-encodings
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/continue-after-fatal-error
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/create-cdata-nodes
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/disallow-doctype-decl
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/dom/create-entity-ref-nodes
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/dom/create-entity-ref-nodesC
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/dom/defer-node-expansion
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/dom/defer-node-expansionG
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/dom/include-ignorable-whitespace
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/dom/include-ignorable-whitespace:
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/generate-synthetic-annotations
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/honour-all-schemaLocations
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/include-comments
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/internal/parser-settings
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/internal/tolerate-duplicates
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/internal/validation/schema/use-grammar-pool-only
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/namespace-growth
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/nonvalidating/load-external-dtd
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/scanner/notify-builtin-refs
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/scanner/notify-char-refs
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/standard-uri-conformant
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2833255121.0000023DAE397000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2824085550.0000023DAE317000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/standard-uri-conformanter
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validate-annotations
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2824085550.0000023DAE317000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/balance-syntax-trees
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/dynamic
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2824085550.0000023DAE317000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/dynamicxml/int
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/schema
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/schema-full-checking
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/schema/augment-psvi
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/schema/element-default
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/schema/normalized-value
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/schema:
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/warn-on-duplicate-attdef
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/validation/warn-on-undeclared-elemdef
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/warn-on-duplicate-entitydef
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.0000000080257000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/xinclude
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/xinclude/fixup-base-uris
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/xinclude/fixup-language
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/features/xincludeC
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/dom/current-element-node
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/dom/current-element-node7
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/dom/document-class-name
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/input-buffer-size
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2833255121.0000023DAE397000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2824085550.0000023DAE317000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/input-buffer-sizece
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/datatype-validator-factory
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/document-scanner
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/dtd-processor
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/dtd-scanner
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/entity-manager
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/entity-resolver
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/error-handler
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/error-handler=
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/error-reporter
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/grammar-pool
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/namespace-binder
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/namespace-context
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/stax-entity-resolver
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2833255121.0000023DAE397000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2824085550.0000023DAE317000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/stax-entity-resolver/propertie5
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/symbol-table
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/symbol-table6
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/validation-manager
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/validation/schema/dv-factory
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/validator/dtd
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/validator/schema
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/internal/xinclude-handler
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/locale
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/schema/external-schemaLocation
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/security-manager
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/properties/security-managerI
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://apache.org/xml/xmlschema/1.0/anonymousTypes
Source: wget.exe, 00000002.00000003.2634144143.0000000002B91000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2634064594.0000000002B96000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ccsca2021.crl.certum.pl/ccsca2021.crl0s
Source: wget.exe, 00000002.00000003.2634144143.0000000002B91000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2634064594.0000000002B96000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ccsca2021.ocsp-certum.com05
Source: wget.exe, 00000002.00000003.2634144143.0000000002B91000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2634064594.0000000002B96000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.certum.pl/ctnca2.crl0l
Source: wget.exe, 00000002.00000002.2644115460.0000000002B6D000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2634064594.0000000002B9E000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2643595853.0000000002B6A000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2643618757.0000000002BA1000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.2644315600.0000000002BA1000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2634125563.0000000002B9F000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2634064594.0000000002B96000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: wget.exe, 00000002.00000002.2644115460.0000000002B6D000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2634064594.0000000002B9E000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2643595853.0000000002B6A000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2643618757.0000000002BA1000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.2644315600.0000000002BA1000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2634125563.0000000002B9F000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2634064594.0000000002B96000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/dom/properties/
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2833255121.0000023DAE397000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2824085550.0000023DAE317000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.0000000080010000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/dom/properties/ancestor-check
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/dom/properties/r
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/jaxp/properties/
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaLanguage
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaSource
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/schema/features/
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/schema/features/)
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace3
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/stream/properties/
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.0000000080010000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/stream/properties/ignore-external-dtd
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2833255121.0000023DAE397000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2824085550.0000023DAE317000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/stream/properties/ignore-external-dtd/XML11NSDoc9
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/stream/properties/ld
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/stream/properties/reader-in-defined-state
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/stream/properties/reader-in-defined-statering;Lj
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/stream/properties/report-cdata-event=
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.XMLConstants/feature/secure-processing
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.XMLConstants/property/
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalDTD
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalDTD;
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalSchema
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D5E8C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalStylesheet
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D5EDB000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.0000000080000000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.transform.dom.DOMResult/feature
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D5EDB000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.0000000080000000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.transform.dom.DOMSource/feature
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D5EDB000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.0000000080000000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.transform.sax.SAXResult/feature
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D5F91000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.0000000080099000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.transform.sax.SAXSource/feature
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D5E8C000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.0000000080117000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.transform.sax.SAXTransformerFactory/feature
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D5E8C000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.0000000080117000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.transform.sax.SAXTransformerFactory/feature/xmlfilter
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.0000000080000000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.transform.stax.StAXResult/feature
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D5EDB000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.transform.stax.StAXResult/featurekH
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D5F91000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.0000000080099000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.transform.stax.StAXSource/feature
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D5EDB000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.0000000080000000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.transform.stream.StreamResult/feature
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D5F91000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.0000000080099000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.transform.stream.StreamSource/feature
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2824085550.0000023DAE317000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.0000000080010000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://null.oracle.com/
Source: wget.exe, 00000002.00000002.2644115460.0000000002B6D000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2634064594.0000000002B9E000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2643595853.0000000002B6A000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2643618757.0000000002BA1000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.2644315600.0000000002BA1000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2634125563.0000000002B9F000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2634064594.0000000002B96000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.sectigo.com0
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3893713061.000000006646B000.00000002.00000001.01000000.00000009.sdmp, java.exe, 00000009.00000002.2750406984.000000006646B000.00000002.00000001.01000000.00000009.sdmp String found in binary or memory: http://openjdk.java.net/jeps/220).
Source: wget.exe, 00000002.00000003.2634144143.0000000002B91000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2634064594.0000000002B96000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://repository.certum.pl/ccsca2021.cer0
Source: wget.exe, 00000002.00000003.2634144143.0000000002B91000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2634064594.0000000002B96000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://repository.certum.pl/ctnca2.cer09
Source: wget.exe, 00000002.00000003.2634144143.0000000002B91000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2634064594.0000000002B96000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://subca.ocsp-certum.com02
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.0000000080358000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://timestamp.sectigo.com
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D675D000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2800058108.0000023DAE8E5000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2826224097.0000023DAE881000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2833378945.0000023DAE891000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2826098486.0000023DAE85B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: wget.exe, 00000002.00000003.2634144143.0000000002B91000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2634064594.0000000002B96000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.certum.pl/CPS0
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D6DBA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.ej-technologies.com/shared-mime-info-ext
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2826098486.0000023DAE85B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.ej-technologies.com/shared-mime-info-extss
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D6DBA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.freedesktop.org/standards/shared-mime-info
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2800058108.0000023DAE8E5000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2826224097.0000023DAE881000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2833378945.0000023DAE891000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2826098486.0000023DAE85B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.freedesktop.org/standards/shared-mime-infoass
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/feature/use-service-mechanism
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/feature/use-service-mechanismva/la
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/is-standalone
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D5E8C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/is-standalone#m
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/1
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D5E8C000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.0000000080117000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/XmlFeatureManager
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2833255121.0000023DAE397000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2824085550.0000023DAE317000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.0000000080126000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/elementAttributeLimit
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D5E8C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/enableExtensionFunctions
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.0000000080126000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2833255121.0000023DAE397000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2824085550.0000023DAE317000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityExpansionLimiturable
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2833255121.0000023DAE397000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2824085550.0000023DAE317000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityReplacementLimit
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2833255121.0000023DAE397000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2824085550.0000023DAE317000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/getEntityCountInfo
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2833255121.0000023DAE397000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2824085550.0000023DAE317000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.0000000080126000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxElementDepth
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2833255121.0000023DAE397000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2824085550.0000023DAE317000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxGeneralEntitySizeLimit
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2833255121.0000023DAE397000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2824085550.0000023DAE317000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.0000000080126000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxOccurLimit
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2833255121.0000023DAE397000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2824085550.0000023DAE317000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.0000000080126000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxParameterEntitySizeLimit
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.0000000080126000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxXMLNameLimit
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2833255121.0000023DAE397000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2824085550.0000023DAE317000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxXMLNameLimit))
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2833255121.0000023DAE397000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2824085550.0000023DAE317000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.0000000080126000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/totalEntitySizeLimit
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/xmlSecurityPropertyManager
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/xmlSecurityPropertyManager;
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.0000000080117000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xml.apache.org/xalan
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D5F91000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D5E8C000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.0000000080117000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.0000000080010000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xml.apache.org/xslt
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D5E8C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xml.apache.org/xslt;q
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/age
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/allow-dtd-events-after-endDTD
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/external-general-entities
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/external-parameter-entities
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2833255121.0000023DAE397000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2824085550.0000023DAE317000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/namespace-prefixes
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.0000000080257000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/namespaces
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/namespaces?
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D5F91000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.0000000080010000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/string-interning
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/use-entity-resolver2
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.0000000080257000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/validation
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2830419630.0000023DAE3FF000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2799026905.0000023DAE340000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2822272851.0000023DAE3E7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/validation&
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/properties/
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D5F91000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.0000000080010000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/properties/declaration-handler
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.0000000080010000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/properties/dom-node
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D5F91000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/properties/dom-nodeC
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/properties/lexical-handler
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D5E8C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/properties/lexical-handlercT
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.000000008046F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/properties/xml-string
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D6984000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://adoptium.net
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D6984000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://adoptium.net.
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D6984000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://adoptium.net.K
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D68DE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://adoptium.net.K/
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D68DE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://adoptium.net.KT
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D6984000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://adoptium.net.SG
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D68DE000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://adoptium.net.s/
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D6392000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D63FA000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.0000000080126000.00000004.00001000.00020000.00000000.sdmp, java.exe, java.exe, 00000009.00000002.2753759856.00000000D5580000.00000004.00001000.00020000.00000000.sdmp, java.exe, 00000009.00000002.2761079778.00007FFE126EA000.00000002.00000001.01000000.0000000B.sdmp String found in binary or memory: https://adoptium.net/
Source: java.exe, 00000009.00000002.2761079778.00007FFE126EA000.00000002.00000001.01000000.0000000B.sdmp String found in binary or memory: https://adoptium.net/java.vendor.url.bughttps://github.com/adoptium/adoptium-support/issues%d.%djava
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D6984000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://adoptium.netC
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.0000000080257000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.0000000080358000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://download-openwebstart.com/updates/updates.xml
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.00000000803E4000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/JFormDesigner/FlatLaf
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D66FF000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2800058108.0000023DAE8E5000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2826224097.0000023DAE881000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2833378945.0000023DAE891000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2826098486.0000023DAE85B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/JFormDesigner/FlatLaf/issues/56#issuecomment-586297814
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D675D000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2800058108.0000023DAE8E5000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2826224097.0000023DAE881000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2833378945.0000023DAE891000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2826098486.0000023DAE85B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/JetBrains/intellij-community/
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D63FA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/adoptium/adoptium-
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D63FA000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/adoptium/adoptium-...
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D6392000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.0000000080126000.00000004.00001000.00020000.00000000.sdmp, java.exe, java.exe, 00000009.00000002.2750406984.000000006646B000.00000002.00000001.01000000.00000009.sdmp, java.exe, 00000009.00000002.2753759856.00000000D5580000.00000004.00001000.00020000.00000000.sdmp, java.exe, 00000009.00000002.2761079778.00007FFE126EA000.00000002.00000001.01000000.0000000B.sdmp String found in binary or memory: https://github.com/adoptium/adoptium-support/issues
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3893713061.000000006646B000.00000002.00000001.01000000.00000009.sdmp, java.exe, 00000009.00000002.2750406984.000000006646B000.00000002.00000001.01000000.00000009.sdmp String found in binary or memory: https://github.com/adoptium/adoptium-support/issuesgeneric-da-ea-disableassertions-enableassertions-
Source: wget.exe, 00000002.00000002.2643965268.0000000000A58000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/karakun/OpenWebStart/releases/download/v1.10.1/OpenWebStart_H?
Source: wget.exe, 00000002.00000002.2643965268.0000000000A50000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/karakun/OpenWebStart/releases/download/v1.10.1/OpenWebStart_windows-x64_1_10_1.ex
Source: wget.exe, 00000002.00000003.2634125563.0000000002B9F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://objects.githubusercontent.com/github-production-release-asset-2e65be/187595602/0e11e7a6-f296
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.0000000080358000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://openwebstart.com/
Source: wget.exe, 00000002.00000002.2644115460.0000000002B6D000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2634064594.0000000002B9E000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2643595853.0000000002B6A000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2643618757.0000000002BA1000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.2644315600.0000000002BA1000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2634125563.0000000002B9F000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2634064594.0000000002B96000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sectigo.com/CPS0
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D666C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
Source: wget.exe, 00000002.00000003.2634144143.0000000002B91000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.2634064594.0000000002B96000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.certum.pl/CPS0
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3894460697.00000000803E4000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.formdev.com/flatlaf/
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D675D000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2800058108.0000023DAE8E5000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2826224097.0000023DAE881000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2833378945.0000023DAE891000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2826098486.0000023DAE85B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.formdev.com/flatlaf/how-to-customize/
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3897411793.00000000D675D000.00000004.00001000.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2800058108.0000023DAE8E5000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2826224097.0000023DAE881000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2833378945.0000023DAE891000.00000004.00000020.00020000.00000000.sdmp, OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2826098486.0000023DAE85B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.formdev.com/flatlaf/properties-files/
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown HTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.199.110.133:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650F0D164 9_2_00007FF650F0D164
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650F1A6EC 9_2_00007FF650F1A6EC
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650F0CAA4 9_2_00007FF650F0CAA4
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650F07998 9_2_00007FF650F07998
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650F15310 9_2_00007FF650F15310
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650F13950 9_2_00007FF650F13950
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650F17954 9_2_00007FF650F17954
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650F1A968 9_2_00007FF650F1A968
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650EF9AA8 9_2_00007FF650EF9AA8
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650EFF294 9_2_00007FF650EFF294
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650EFEA84 9_2_00007FF650EFEA84
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650F109E8 9_2_00007FF650F109E8
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650F00A60 9_2_00007FF650F00A60
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650F0541C 9_2_00007FF650F0541C
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650F003D0 9_2_00007FF650F003D0
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650F13950 9_2_00007FF650F13950
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650F07350 9_2_00007FF650F07350
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650F10368 9_2_00007FF650F10368
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650EFF498 9_2_00007FF650EFF498
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650EFEC88 9_2_00007FF650EFEC88
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650EF7E28 9_2_00007FF650EF7E28
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650F0FED4 9_2_00007FF650F0FED4
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650F0BF24 9_2_00007FF650F0BF24
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650F04F10 9_2_00007FF650F04F10
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650F00E98 9_2_00007FF650F00E98
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650EFEE8C 9_2_00007FF650EFEE8C
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650F1C868 9_2_00007FF650F1C868
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650EF7F95 9_2_00007FF650EF7F95
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650EF878F 9_2_00007FF650EF878F
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650EFF090 9_2_00007FF650EFF090
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650F08810 9_2_00007FF650F08810
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650F00038 9_2_00007FF650F00038
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE126E7AB0 9_2_00007FFE126E7AB0
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE126E6B90 9_2_00007FFE126E6B90
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE126D4FE8 9_2_00007FFE126D4FE8
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE126D8480 9_2_00007FFE126D8480
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE126D4C54 9_2_00007FFE126D4C54
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE1323A39E 9_2_00007FFE1323A39E
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE132273E0 9_2_00007FFE132273E0
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE13213410 9_2_00007FFE13213410
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE13207AA8 9_2_00007FFE13207AA8
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE132332B8 9_2_00007FFE132332B8
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE13232AE0 9_2_00007FFE13232AE0
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE1322816C 9_2_00007FFE1322816C
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE13228950 9_2_00007FFE13228950
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE132081D8 9_2_00007FFE132081D8
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE132140E0 9_2_00007FFE132140E0
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE1323A39E 9_2_00007FFE1323A39E
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE13205FC8 9_2_00007FFE13205FC8
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE1323169C 9_2_00007FFE1323169C
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE13215E80 9_2_00007FFE13215E80
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE132216F0 9_2_00007FFE132216F0
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE13226720 9_2_00007FFE13226720
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE13221F10 9_2_00007FFE13221F10
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE13220570 9_2_00007FFE13220570
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE13236580 9_2_00007FFE13236580
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE13220E30 9_2_00007FFE13220E30
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE1322363C 9_2_00007FFE1322363C
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE13214E10 9_2_00007FFE13214E10
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE13224608 9_2_00007FFE13224608
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE13206C74 9_2_00007FFE13206C74
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE132344A0 9_2_00007FFE132344A0
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE14631190 9_2_00007FFE14631190
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE14635D5F 9_2_00007FFE14635D5F
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE14635565 9_2_00007FFE14635565
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE14638ED8 9_2_00007FFE14638ED8
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE146332C8 9_2_00007FFE146332C8
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE146353F8 9_2_00007FFE146353F8
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE1A46280C 9_2_00007FFE1A46280C
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE1A462F24 9_2_00007FFE1A462F24
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE1A4653DC 9_2_00007FFE1A4653DC
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE1A4C5878 9_2_00007FFE1A4C5878
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_0000026EA1897240 9_2_0000026EA1897240
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_0000026EA18963A1 9_2_0000026EA18963A1
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: String function: 00007FF650EF114C appears 33 times
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: String function: 00007FF650EF6548 appears 49 times
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: String function: 00007FFE1A4610F0 appears 84 times
Source: api-ms-win-core-heap-l1-1-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-multibyte-l1-1-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-private-l1-1-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.8.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.8.dr Static PE information: No import functions for PE file found
Source: classification engine Classification label: mal52.expl.win@8/205@2/2
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650EF6640 GetLastError,FormatMessageA,MessageBoxA,fwprintf,LocalFree, 9_2_00007FF650EF6640
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE126D9DAC GetVolumePathNameW,GetDiskFreeSpaceExW,free, 9_2_00007FFE126D9DAC
Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\Desktop\cmdline.out Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6308:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7612:120:WilError_03
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jtw380430090 Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: java.exe String found in binary or memory: -help
Source: java.exe String found in binary or memory: sun/launcher/LauncherHelper
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/karakun/OpenWebStart/releases/download/v1.10.1/OpenWebStart_windows-x64_1_10_1.exe" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/karakun/OpenWebStart/releases/download/v1.10.1/OpenWebStart_windows-x64_1_10_1.exe"
Source: unknown Process created: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe "C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe"
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Process created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe "c:\users\user\appdata\local\temp\E4JA75~1.TMP\jre\bin\java.exe" -version
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/karakun/OpenWebStart/releases/download/v1.10.1/OpenWebStart_windows-x64_1_10_1.exe" Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Process created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe "c:\users\user\appdata\local\temp\E4JA75~1.TMP\jre\bin\java.exe" -version Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe Section loaded: explorerframe.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: davhlpr.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: fwbase.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: wsock32.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: vcruntime140.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: msvcp140.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: opengl32.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: glu32.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: dataexchange.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: dcomp.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Section loaded: wsock32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe File opened: c:\users\user\appdata\local\temp\E4JA75~1.TMP\jre\lib\amd64\jvm.cfg Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: Binary string: c:\workspace\openjdk-build\workspace\build\src\build\windows-x86_64-normal-server-release\jdk\objs\libzip\zip.pdb source: java.exe, 00000009.00000002.2761493217.00007FFE1463D000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: java.exe, 00000009.00000002.2761282766.00007FFE13252000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: c:\workspace\openjdk-build\workspace\build\src\build\windows-x86_64-normal-server-release\jdk\objs\java_objs\java.pdb source: java.exe, 00000009.00000002.2760730941.00007FF650F1E000.00000002.00000001.01000000.00000006.sdmp, java.exe, 00000009.00000000.2740873098.00007FF650F1E000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\workspace\openjdk-build\workspace\build\src\build\windows-x86_64-normal-server-release\hotspot\windows_amd64_compiler2\product\jvm.pdb source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3893713061.000000006646B000.00000002.00000001.01000000.00000009.sdmp, java.exe, 00000009.00000002.2750406984.000000006646B000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: c:\workspace\openjdk-build\workspace\build\src\build\windows-x86_64-normal-server-release\jdk\objs\libzip\zip.pdb(( source: java.exe, 00000009.00000002.2761493217.00007FFE1463D000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: c:\workspace\openjdk-build\workspace\build\src\build\windows-x86_64-normal-server-release\jdk\objs\libjava\java.pdb source: java.exe, 00000009.00000002.2761079778.00007FFE126EA000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: d:\agent\_work\2\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: java.exe, 00000009.00000002.2762044738.00007FFE1A4CD000.00000002.00000001.01000000.00000007.sdmp
Source: api-ms-win-core-console-l1-1-0.dll.8.dr Static PE information: 0x9A158DFF [Sat Dec 2 04:24:31 2051 UTC]
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650EF691C LoadLibraryA,GetProcAddress,GetProcAddress, 9_2_00007FF650EF691C
Source: OpenWebStart_windows-x64_1_10_1.exe.2.dr Static PE information: section name: _RDATA
Source: msvcp140.dll.8.dr Static PE information: section name: .didat
Source: sawindbg.dll.8.dr Static PE information: section name: .00cfg
Source: unpack200.exe.8.dr Static PE information: section name: .00cfg
Source: WindowsAccessBridge-64.dll.8.dr Static PE information: section name: .gxfg
Source: WindowsAccessBridge-64.dll.8.dr Static PE information: section name: .gehcont
Source: freetype.dll.8.dr Static PE information: section name: .00cfg
Source: instrument.dll.8.dr Static PE information: section name: .gxfg
Source: instrument.dll.8.dr Static PE information: section name: .gehcont
Source: java.exe.8.dr Static PE information: section name: .gxfg
Source: java.exe.8.dr Static PE information: section name: .gehcont
Source: javaw.exe.8.dr Static PE information: section name: .gxfg
Source: javaw.exe.8.dr Static PE information: section name: .gehcont
Source: jli.dll.8.dr Static PE information: section name: .gxfg
Source: jli.dll.8.dr Static PE information: section name: .gehcont
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\zip.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\unpack.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-crt-process-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\sunmscapi.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-crt-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-libraryloader-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\npt.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\msvcp140.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\ktab.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-debug-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\dt_socket.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\instrument.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\keytool.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-file-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\dt_shmem.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\net.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\jli.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-profile-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\jaas_nt.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\orbd.exe Jump to dropped file
Source: C:\Windows\SysWOW64\wget.exe File created: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-processthreads-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\j2pkcs11.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\WindowsAccessBridge-64.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\nio.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-processthreads-l1-1-1.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\jabswitch.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\jjs.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-datetime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\awt.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\management.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\jsdt.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\w2k_lsa_auth.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\ucrtbase.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-crt-environment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\mlib_image.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-interlocked-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\splashscreen.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java_crw_demo.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\rmid.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-util-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-timezone-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\tnameserv.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-file-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java-rmi.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-localization-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-crt-conio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\pack200.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\servertool.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\JAWTAccessBridge-64.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\klist.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\jsoundds.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\jsound.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-rtlsupport-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\rmiregistry.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\j2pcsc.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-crt-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-synch-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\JavaAccessBridge-64.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\policytool.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-console-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\attach.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\vcruntime140.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\jpeg.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\server\jvm.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-crt-locale-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-crt-math-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\unpack200.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-crt-filesystem-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\jdwp.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\sunec.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-namedpipe-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\sawindbg.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-file-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-crt-convert-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-crt-stdio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-processenvironment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-sysinfo-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-synch-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\sspi_bridge.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-crt-private-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-crt-utility-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-memory-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-crt-multibyte-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-crt-runtime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\freetype.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-crt-time-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-errorhandling-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\verify.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\hprof.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\kinit.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-handle-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\javaw.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\j2gss.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\jawt.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\lcms.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\fontmanager.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE13236580 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 9_2_00007FFE13236580
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\zip.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\unpack.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-crt-process-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\sunmscapi.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-crt-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-libraryloader-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\npt.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\ktab.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-debug-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\dt_socket.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\instrument.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\keytool.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-file-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\dt_shmem.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\net.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\jli.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-profile-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\jaas_nt.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\orbd.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-processthreads-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\j2pkcs11.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\WindowsAccessBridge-64.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\nio.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-processthreads-l1-1-1.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\jabswitch.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\jjs.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-datetime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\awt.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\jsdt.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\management.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\w2k_lsa_auth.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-crt-environment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\mlib_image.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-interlocked-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\splashscreen.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java_crw_demo.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\rmid.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-util-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-timezone-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\tnameserv.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-file-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java-rmi.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-localization-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-crt-conio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\pack200.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\servertool.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\JAWTAccessBridge-64.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\klist.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\jsoundds.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\jsound.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-rtlsupport-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\rmiregistry.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\j2pcsc.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-crt-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\JavaAccessBridge-64.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\policytool.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-synch-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-console-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\attach.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\jpeg.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\server\jvm.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-crt-locale-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-crt-math-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\unpack200.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-crt-filesystem-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\jdwp.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\sunec.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-namedpipe-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\sawindbg.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-crt-stdio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-crt-convert-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-file-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-processenvironment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-sysinfo-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-synch-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\sspi_bridge.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-crt-private-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-memory-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-crt-utility-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-crt-multibyte-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-crt-runtime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\freetype.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-crt-time-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-errorhandling-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\hprof.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\verify.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\kinit.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\javaw.exe Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\api-ms-win-core-handle-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\j2gss.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\jawt.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\fontmanager.dll Jump to dropped file
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\lcms.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe API coverage: 7.3 %
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File Volume queried: C:\Program Files FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650EF79F0 FindFirstFileA,FindNextFileA,strchr,FindClose, 9_2_00007FF650EF79F0
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650F15310 FindFirstFileExW, 9_2_00007FF650F15310
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE126D9EF0 wcslen,malloc,free,_errno,wcscpy,free,GetFileAttributesW,wcslen,wcscat,FindFirstFileW,free,GetLastError,wcscmp,wcscmp,wcslen,FindNextFileW,GetLastError,FindClose,FindClose,free, 9_2_00007FFE126D9EF0
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE126DB91C wcslen,FindFirstFileW,free,FindFirstFileW,FindClose,wcslen,wcslen,wcslen,_errno, 9_2_00007FFE126DB91C
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE126DB198 IsDBCSLeadByte,_fullpath,strlen,IsDBCSLeadByte,strchr,isalpha,toupper,strlen,FindFirstFileA,FindClose,strlen,strlen,_errno,_errno, 9_2_00007FFE126DB198
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE126DB5F8 malloc,_wfullpath,wcslen,wcsncmp,wcschr,towupper,_errno,_errno,free,wcslen,FindFirstFileW,free,FindFirstFileW,FindClose,wcslen,wcslen,_errno, 9_2_00007FFE126DB5F8
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE126D9C34 GetFileAttributesExW,GetLastError,FindFirstFileW,wcsrchr,wcscmp,FindClose,free, 9_2_00007FFE126D9C34
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE126DA5A8 GetFileAttributesExW,GetLastError,FindFirstFileW,FindClose, 9_2_00007FFE126DA5A8
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE13210E70 FindFirstFileExW,FindClose,wcscpy_s, 9_2_00007FFE13210E70
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE126DD548 GetSystemInfo,IsProcessorFeaturePresent,IsProcessorFeaturePresent, 9_2_00007FFE126DD548
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File opened: c:\users\user\appdata\ Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File opened: c:\users\user\appdata\local\ Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File opened: c:\users\user\appdata\local\temp\ Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File opened: c:\users\user\appdata\local\temp\E4JA75~1.TMP\jre\ Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File opened: c:\users\user\ Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe File opened: c:\users\user\appdata\local\temp\E4JA75~1.TMP\ Jump to behavior
Source: java.exe, 00000009.00000002.2755858658.0000026E9FDE1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: wjava/lang/VirtualMachineError
Source: java.exe, 00000009.00000003.2747999662.0000026EB5FF6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: com/sun/corba/se/impl/util/SUNVMCID.classPK
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3893713061.000000006646B000.00000002.00000001.01000000.00000009.sdmp, java.exe, 00000009.00000002.2750406984.000000006646B000.00000002.00000001.01000000.00000009.sdmp Binary or memory string: java/lang/VirtualMachineError
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3893713061.000000006646B000.00000002.00000001.01000000.00000009.sdmp, java.exe, 00000009.00000002.2750406984.000000006646B000.00000002.00000001.01000000.00000009.sdmp Binary or memory string: Unable to link/verify VirtualMachineError class
Source: java.exe, 00000009.00000003.2747999662.0000026EB5FF6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: org/omg/CORBA/OMGVMCID.classPK
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3893713061.000000006646B000.00000002.00000001.01000000.00000009.sdmp, java.exe, 00000009.00000002.2750406984.000000006646B000.00000002.00000001.01000000.00000009.sdmp Binary or memory string: _well_known_klasses[SystemDictionary::VirtualMachineError_klass_knum]
Source: java.exe, 00000009.00000003.2747999662.0000026EB5FF6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: )$T+com/sun/corba/se/impl/util/SUNVMCID.classPK
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000003.2764538328.0000023DACE16000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000009.00000003.2747999662.0000026EB5FF6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: java/lang/VirtualMachineError.classPK
Source: OpenWebStart_windows-x64_1_10_1.exe, 00000008.00000002.3893713061.000000006646B000.00000002.00000001.01000000.00000009.sdmp, java.exe, 00000009.00000002.2750406984.000000006646B000.00000002.00000001.01000000.00000009.sdmp Binary or memory string: &fSize of %s (%llu bytes) must be aligned to %llu bytes-2147483648vtable list too smallguarantee((*n) < count) failedC:\workspace\openjdk-build\workspace\build\src\hotspot\src\share\vm\memory\universe.cppGenesisheap address: 0x%016llx, size: %llu MB, Compressed Oops mode: %s:0x%016llx, Oop shift amount: %dCould not reserve enough space for %lluKB object heap32-bitZero basedNon-zero basedUnable to link/verify VirtualMachineError classJava heap space: failed reallocation of scalar replaced objectsUnable to link/verify Finalizer.register methodUnable to link/verify Unsafe.throwIllegalAccessError methodUnable to link/verify ClassLoader.addClass methodProtectionDomain.impliesCreateAccessControlContext() has the wrong linkageHeap{Heap before GC invocations=%u (full %u):Heap after GC invocations=%u (full %u): ,heapsymbol_tablestring_tablecodecachedictionaryclassloader_data_graphjni_handlesc-heapcodecache_oopsVerifySubSet: '%s' memory sub-system is unknown, please correct it[Verifying Threads Heap SymbolTable StringTable CodeCache SystemDictionary MetaspaceAux JNIHandles C-heap CodeCache Oops C:\workspace\openjdk-build\workspace\build\src\hotspot\src\share\vm\gc_interface/collectedHeap.inline.hppC:\workspace\openjdk-build\workspace\build\src\hotspot\src\share\vm\oops\arrayKlass.cpp[] - length: %dshould have a classguarantee(component_mirror()->klass() != NULL) failedmust be arrayguarantee(obj->is_array()) failedarray with negative length?guarantee(a->length() >= 0) failedshould be klassvtable restored by this callguarantee(is_constantPool()) failedA constant pool lockRESOLVE %s %s %s:%d
Source: wget.exe, 00000002.00000002.2643965268.0000000000A58000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000009.00000002.2755858658.0000026E9FDA8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650F0ECB4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 9_2_00007FF650F0ECB4
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650EF691C LoadLibraryA,GetProcAddress,GetProcAddress, 9_2_00007FF650EF691C
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650F16FAC GetProcessHeap, 9_2_00007FF650F16FAC
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650EFB204 SetUnhandledExceptionFilter, 9_2_00007FF650EFB204
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650EFA944 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 9_2_00007FF650EFA944
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650F0ECB4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 9_2_00007FF650F0ECB4
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650EFB05C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 9_2_00007FF650EFB05C
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE126E8A84 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 9_2_00007FFE126E8A84
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE126E9614 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 9_2_00007FFE126E9614
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE1324D460 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 9_2_00007FFE1324D460
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE1463BDFC IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 9_2_00007FFE1463BDFC
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE1463B354 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 9_2_00007FFE1463B354
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE1A46686C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 9_2_00007FFE1A46686C
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE1A4673D8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 9_2_00007FFE1A4673D8
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE1A4CC6CC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 9_2_00007FFE1A4CC6CC
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Memory protected: page read and write | page guard Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Process created: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe "c:\users\user\appdata\local\temp\E4JA75~1.TMP\jre\bin\java.exe" -version Jump to behavior
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe c:\windows\system32\cmd.exe /c wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://github.com/karakun/openwebstart/releases/download/v1.10.1/openwebstart_windows-x64_1_10_1.exe" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://github.com/karakun/openwebstart/releases/download/v1.10.1/openwebstart_windows-x64_1_10_1.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://github.com/karakun/openwebstart/releases/download/v1.10.1/openwebstart_windows-x64_1_10_1.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650F1C6B0 cpuid 9_2_00007FF650F1C6B0
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: malloc,GetLocaleInfoA,strlen,malloc,GetLocaleInfoA,GetLocaleInfoA,malloc,GetLocaleInfoA,GetLocaleInfoA,strcpy,strcpy,malloc,strcmp,strcpy,strcmp,strcpy,strcpy,strcpy, 9_2_00007FFE126DD33C
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: malloc,GetLocaleInfoA,atoi,strcpy,strcmp,MultiByteToWideChar,strcmp,IsValidCodePage,GetWindowsDirectoryA,strlen,strlen,strcat,fopen,fclose,strcpy, 9_2_00007FFE126DD644
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: __crtDownlevelLocaleNameToLCID,GetLocaleInfoW, 9_2_00007FFE13209B90
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: ___lc_locale_name_func,__crtGetLocaleInfoEx, 9_2_00007FFE1322F930
Source: C:\Windows\SysWOW64\wget.exe Queries volume information: C:\Users\user\Desktop\download VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Queries volume information: C:\Users\user\AppData\Local\Temp\hsperfdata_user\3804 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Queries volume information: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\lib\resources.jar VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Queries volume information: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\lib\rt.jar VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Queries volume information: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\lib\jsse.jar VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Queries volume information: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\lib\jce.jar VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Queries volume information: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\lib\jfr.jar VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Queries volume information: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Queries volume information: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\server\jvm.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Queries volume information: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Queries volume information: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Queries volume information: C:\Users\user\AppData\Local\Temp\hsperfdata_user\6284 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Queries volume information: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\lib\resources.jar VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Queries volume information: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\lib\rt.jar VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Queries volume information: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\lib\jsse.jar VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Queries volume information: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\lib\jce.jar VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Queries volume information: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\lib\charsets.jar VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\download\OpenWebStart_windows-x64_1_10_1.exe Code function: 8_2_6646A23C GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 8_2_6646A23C
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE126DCC3C GetTempPathW,_wcsdup,_wgetenv,_wcsdup,GetVersionExA,_strdup,memset,GetNativeSystemInfo,strlen,GetSystemDirectoryW,wcsncat,GetFileVersionInfoSizeW,GetFileVersionInfoSizeExW,malloc,GetFileVersionInfoW,VerQueryValueW,free,_strdup,_wgetenv,wcslen,_wcsdup,GetUserNameW,GetLastError,malloc,GetUserNameW,free,GetUserDefaultLCID,GetSystemDefaultLCID,GetUserDefaultUILanguage,GetStdHandle,GetFileType,GetStdHandle,GetFileType,GetCurrentDirectoryW,_wcsdup, 9_2_00007FFE126DCC3C
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FF650F1A6EC _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation, 9_2_00007FF650F1A6EC
Source: C:\Users\user\AppData\Local\Temp\e4jA753.tmp_dir1732193841\jre\bin\java.exe Code function: 9_2_00007FFE126DCC3C GetTempPathW,_wcsdup,_wgetenv,_wcsdup,GetVersionExA,_strdup,memset,GetNativeSystemInfo,strlen,GetSystemDirectoryW,wcsncat,GetFileVersionInfoSizeW,GetFileVersionInfoSizeExW,malloc,GetFileVersionInfoW,VerQueryValueW,free,_strdup,_wgetenv,wcslen,_wcsdup,GetUserNameW,GetLastError,malloc,GetUserNameW,free,GetUserDefaultLCID,GetSystemDefaultLCID,GetUserDefaultUILanguage,GetStdHandle,GetFileType,GetStdHandle,GetFileType,GetCurrentDirectoryW,_wcsdup, 9_2_00007FFE126DCC3C
Source: C:\Windows\SysWOW64\wget.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs