Source: java.exe, 00000002.00000002.1801801717.0000000009DF7000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000006.00000002.3008381214.0000000009968000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000016.00000002.3008961235.0000000009D68000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://bugreport.sun.com/bugreport/ |
Source: javaw.exe, 00000016.00000002.3006328327.0000000004808000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRoo |
Source: java.exe, 00000002.00000002.1801801717.0000000009F65000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1799231041.0000000004D29000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000006.00000002.3008381214.0000000009997000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000006.00000002.3008381214.00000000099F8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000016.00000002.3008961235.0000000009DF8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000016.00000002.3008961235.0000000009D97000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001A.00000002.3009108330.00000000097F8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt |
Source: java.exe, 00000002.00000002.1801801717.0000000009F65000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1806610893.0000000015490000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000002.1801801717.0000000009ED2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000006.00000003.2407427930.0000000014FB1000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000006.00000002.3014723940.0000000014FD2000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000006.00000002.3008381214.0000000009997000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000006.00000003.1851426752.0000000014F8A000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000006.00000003.1851690816.0000000014FCB000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000006.00000003.2407940459.0000000014FCB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000016.00000002.3014954855.00000000153A7000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000016.00000002.3008961235.0000000009D97000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000016.00000003.1973692767.0000000015389000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000016.00000003.1973874850.00000000153A0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
Source: java.exe, 00000002.00000002.1799231041.0000000004D29000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crts |
Source: java.exe, 00000002.00000002.1801801717.0000000009ED2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000006.00000002.3008381214.0000000009997000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000006.00000002.3008381214.00000000099F8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000016.00000002.3008961235.0000000009DF8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000016.00000002.3008961235.0000000009D97000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001A.00000002.3009108330.00000000097F8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt |
Source: java.exe, 00000002.00000002.1801801717.0000000009ED2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000006.00000002.3008381214.0000000009968000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000016.00000002.3008961235.0000000009D68000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
Source: java.exe, 00000002.00000002.1801801717.0000000009F65000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1799231041.0000000004D29000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000006.00000002.3008381214.0000000009997000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000006.00000002.3008381214.00000000099F8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000016.00000002.3008961235.0000000009DF8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000016.00000002.3008961235.0000000009D97000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001A.00000002.3009108330.00000000097F8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt |
Source: java.exe, 00000002.00000002.1801801717.0000000009F65000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1801801717.0000000009ED2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000006.00000002.3008381214.0000000009997000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000016.00000002.3008961235.0000000009D97000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: java.exe, 00000002.00000002.1799231041.0000000004D29000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crts |
Source: java.exe, 00000002.00000002.1801801717.0000000009F65000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1799231041.0000000004D29000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000006.00000002.3008381214.0000000009A01000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000006.00000002.3008381214.0000000009997000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000016.00000002.3008961235.0000000009E01000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000016.00000002.3008961235.0000000009D97000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl |
Source: java.exe, 00000002.00000002.1801801717.0000000009F65000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1806610893.0000000015490000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000002.1801801717.0000000009ED2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000006.00000003.2407427930.0000000014FB1000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000006.00000002.3014723940.0000000014FD2000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000006.00000002.3008381214.0000000009997000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000006.00000003.1851426752.0000000014F8A000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000006.00000003.1851690816.0000000014FCB000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000006.00000003.2407940459.0000000014FCB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000016.00000002.3014954855.00000000153A7000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000016.00000002.3008961235.0000000009D97000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000016.00000003.1973692767.0000000015389000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000016.00000003.1973874850.00000000153A0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: java.exe, 00000002.00000002.1799231041.0000000004D29000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crlS |
Source: java.exe, 00000002.00000002.1801801717.0000000009ED2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000006.00000002.3008381214.0000000009A01000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000006.00000002.3008381214.0000000009997000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000016.00000002.3008961235.0000000009E01000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000016.00000002.3008961235.0000000009D97000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl |
Source: java.exe, 00000002.00000002.1801801717.0000000009ED2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000006.00000002.3008381214.0000000009997000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000006.00000002.3008381214.0000000009968000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000016.00000002.3008961235.0000000009D68000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000016.00000002.3008961235.0000000009D97000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
Source: java.exe, 00000002.00000002.1801801717.0000000009F65000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1799231041.0000000004D29000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000006.00000002.3008381214.0000000009997000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000006.00000002.3008381214.0000000009A08000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000016.00000002.3008961235.0000000009D97000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000016.00000002.3008961235.0000000009E08000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl |
Source: java.exe, 00000002.00000002.1801801717.0000000009F65000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1806610893.0000000015490000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000002.1801801717.0000000009ED2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000006.00000003.2407427930.0000000014FB1000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000006.00000002.3014723940.0000000014FD2000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000006.00000002.3008381214.0000000009997000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000006.00000003.1851426752.0000000014F8A000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000006.00000003.1851690816.0000000014FCB000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000006.00000003.2407940459.0000000014FCB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000016.00000002.3014954855.00000000153A7000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000016.00000002.3008961235.0000000009D97000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000016.00000003.1973692767.0000000015389000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000016.00000003.1973874850.00000000153A0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: java.exe, 00000002.00000002.1801801717.0000000009E10000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000006.00000002.3008381214.0000000009997000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000016.00000002.3008961235.0000000009D97000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://java.oracle.com/ |
Source: java.exe, 00000002.00000002.1799231041.0000000004814000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1799231041.00000000049B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://jbfrost.live/strigoi/server/?hwid=1& |
Source: javaw.exe, 0000001A.00000002.3006380906.00000000045B9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5 |
Source: java.exe, 00000002.00000002.1801801717.000000000A022000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1805910363.00000000150E0000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000002.1806610893.00000000155EF000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000006.00000002.3008381214.0000000009B08000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000006.00000003.2407427930.0000000014FB1000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000006.00000003.1851910383.0000000014FE5000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000006.00000003.1851426752.0000000014F8A000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000006.00000003.2408218238.0000000014FF5000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000006.00000003.1851690816.0000000014FCB000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000006.00000002.3014957684.0000000014FFC000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000006.00000003.2407940459.0000000014FCB000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000006.00000003.2408188379.0000000014FE5000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000016.00000002.3013011209.0000000014F8B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000016.00000002.3006328327.0000000004C4B000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000016.00000003.1974052145.0000000014F74000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000016.00000003.1974634408.0000000014F84000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000001A.00000002.3006380906.000000000464E000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001A.00000003.2056506590.0000000014C82000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://null.oracle.com/ |
Source: java.exe, 00000002.00000002.1799231041.0000000004D29000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000006.00000002.3008381214.00000000099F8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000016.00000002.3008961235.0000000009DF8000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 0000001A.00000002.3009108330.00000000097F8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com |
Source: java.exe, 00000002.00000002.1801801717.0000000009F65000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1799231041.0000000004D29000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1801801717.0000000009ED2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000006.00000002.3008381214.0000000009997000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000016.00000002.3008961235.0000000009D97000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0A |
Source: java.exe, 00000002.00000002.1801801717.0000000009F65000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1806610893.0000000015490000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000002.00000002.1799231041.0000000004D29000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1801801717.0000000009ED2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000006.00000003.2407427930.0000000014FB1000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000006.00000002.3014723940.0000000014FD2000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000006.00000002.3008381214.0000000009997000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000006.00000003.1851426752.0000000014F8A000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000006.00000003.1851690816.0000000014FCB000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000006.00000003.2407940459.0000000014FCB000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000016.00000002.3014954855.00000000153A7000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000016.00000002.3008961235.0000000009D97000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000016.00000003.1973692767.0000000015389000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000016.00000003.1973874850.00000000153A0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0C |
Source: java.exe, 00000002.00000002.1801801717.0000000009F65000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.1801801717.0000000009ED2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000006.00000002.3008381214.0000000009997000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000006.00000002.3008381214.0000000009968000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000016.00000002.3008961235.0000000009D68000.00000004.00000800.00020000.00000000.sdmp, javaw.exe, 00000016.00000002.3008961235.0000000009D97000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0X |
Source: java.exe, 00000002.00000002.1799231041.0000000004D29000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.comC |
Source: unknown | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\Shipping Bill6239999 dated 13122024.PDF.jar"" >> C:\cmdlinestart.log 2>&1 | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe "C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\Shipping Bill6239999 dated 13122024.PDF.jar" | |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M | |
Source: C:\Windows\SysWOW64\icacls.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd /c schtasks /create /sc minute /mo 30 /tn Skype /tr "C:\Users\user\AppData\Roaming\Shipping Bill6239999 dated 13122024.PDF.jar" | |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Process created: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe "C:\Program Files (x86)\Java\jre-1.8\bin\java.exe" -jar "C:\Users\user\AppData\Roaming\Shipping Bill6239999 dated 13122024.PDF.jar" | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /sc minute /mo 30 /tn Skype /tr "C:\Users\user\AppData\Roaming\Shipping Bill6239999 dated 13122024.PDF.jar" | |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c "wmic /node:. /namespace:'\\root\cimv2' path win32_logicaldisk get volumeserialnumber /format:list" | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic /node:. /namespace:'\\root\cimv2' path win32_logicaldisk get volumeserialnumber /format:list | |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c "wmic /node:. /namespace:'\\root\cimv2' path win32_operatingsystem get caption,OSArchitecture /format:list" | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic /node:. /namespace:'\\root\cimv2' path win32_operatingsystem get caption,OSArchitecture /format:list | |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c "wmic /node:. /namespace:'\\root\cimv2' path win32_operatingsystem get version /format:list" | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic /node:. /namespace:'\\root\cimv2' path win32_operatingsystem get version /format:list | |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c "wmic /node:localhost /namespace:'\\root\securitycenter2' path antivirusproduct get displayname /format:list" | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\wbem\WMIC.exe wmic /node:localhost /namespace:'\\root\securitycenter2' path antivirusproduct get displayname /format:list | |
Source: unknown | Process created: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe "C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\user\AppData\Roaming\Shipping Bill6239999 dated 13122024.PDF.jar" | |
Source: unknown | Process created: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe "C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\user\AppData\Roaming\Shipping Bill6239999 dated 13122024.PDF.jar" | |
Source: unknown | Process created: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe "C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\user\AppData\Roaming\Shipping Bill6239999 dated 13122024.PDF.jar" | |
Source: unknown | Process created: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe "C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Shipping Bill6239999 dated 13122024.PDF.jar" | |
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: apphelp.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Section loaded: apphelp.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Section loaded: wsock32.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Section loaded: winmm.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Section loaded: version.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Section loaded: kernel.appcore.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Section loaded: windows.storage.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Section loaded: wldp.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Section loaded: profapi.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Section loaded: mswsock.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Section loaded: iphlpapi.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Section loaded: dhcpcsvc6.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Section loaded: dhcpcsvc.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Section loaded: dnsapi.dll |
Source: C:\Windows\SysWOW64\icacls.exe | Section loaded: ntmarta.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Section loaded: rasadhlp.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Section loaded: fwpuclnt.dll |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: kernel.appcore.dll |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: taskschd.dll |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: sspicli.dll |
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: xmllite.dll |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: iphlpapi.dll |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: framedynos.dll |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: sspicli.dll |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: kernel.appcore.dll |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: wbemcomn.dll |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: msxml6.dll |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: urlmon.dll |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: iertutil.dll |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: srvcli.dll |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: netutils.dll |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: uxtheme.dll |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: vcruntime140.dll |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: amsi.dll |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: userenv.dll |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: profapi.dll |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: version.dll |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: msxml6.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: vcruntime140.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: amsi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: profapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\wbem\WMIC.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Section loaded: wsock32.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Section loaded: winmm.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Section loaded: version.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Section loaded: kernel.appcore.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Section loaded: windows.storage.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Section loaded: wldp.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Section loaded: profapi.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Section loaded: mswsock.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Section loaded: iphlpapi.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Section loaded: dhcpcsvc6.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Section loaded: dhcpcsvc.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Section loaded: dnsapi.dll |
Source: Yara match | File source: Process Memory Space: java.exe PID: 6924, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: java.exe PID: 5016, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: javaw.exe PID: 5780, type: MEMORYSTR |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Code function: 2_2_026BFE51 push cs; retf | 2_2_026BFE71 |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Code function: 2_2_026BCC4D push ecx; retn 0022h | 2_2_026BCD02 |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Code function: 2_2_026BC993 push es; iretd | 2_2_026BC99A |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Code function: 2_2_0261D8F7 push 00000000h; mov dword ptr [esp], esp | 2_2_0261D921 |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Code function: 2_2_0261A20A push ecx; ret | 2_2_0261A21A |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Code function: 2_2_0261A21B push ecx; ret | 2_2_0261A225 |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Code function: 2_2_0261BB67 push 00000000h; mov dword ptr [esp], esp | 2_2_0261BB8D |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Code function: 2_2_0261B3B7 push 00000000h; mov dword ptr [esp], esp | 2_2_0261B3DD |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Code function: 2_2_0261D8D1 push 00000000h; mov dword ptr [esp], esp | 2_2_0261D921 |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Code function: 2_2_0261B947 push 00000000h; mov dword ptr [esp], esp | 2_2_0261B96D |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Code function: 2_2_0261C477 push 00000000h; mov dword ptr [esp], esp | 2_2_0261C49D |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Code function: 6_2_02368A11 push cs; retf | 6_2_02368A31 |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Code function: 6_2_022CA20A push ecx; ret | 6_2_022CA21A |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Code function: 6_2_022CA21B push ecx; ret | 6_2_022CA225 |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Code function: 6_2_022CBB67 push 00000000h; mov dword ptr [esp], esp | 6_2_022CBB8D |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Code function: 6_2_022CB3B7 push 00000000h; mov dword ptr [esp], esp | 6_2_022CB3DD |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Code function: 6_2_022CB947 push 00000000h; mov dword ptr [esp], esp | 6_2_022CB96D |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Code function: 6_2_022CC477 push 00000000h; mov dword ptr [esp], esp | 6_2_022CC49D |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Code function: 22_2_026BA20A push ecx; ret | 22_2_026BA21A |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Code function: 22_2_026BA21B push ecx; ret | 22_2_026BA225 |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Code function: 22_2_026BBB67 push 00000000h; mov dword ptr [esp], esp | 22_2_026BBB8D |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Code function: 22_2_026BB3B7 push 00000000h; mov dword ptr [esp], esp | 22_2_026BB3DD |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Code function: 22_2_026BB947 push 00000000h; mov dword ptr [esp], esp | 22_2_026BB96D |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Code function: 22_2_026BC477 push 00000000h; mov dword ptr [esp], esp | 22_2_026BC49D |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Code function: 26_2_0212A21B push ecx; ret | 26_2_0212A225 |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Code function: 26_2_0212A20A push ecx; ret | 26_2_0212A21A |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Code function: 26_2_0212BB67 push 00000000h; mov dword ptr [esp], esp | 26_2_0212BB8D |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Code function: 26_2_0212B3B7 push 00000000h; mov dword ptr [esp], esp | 26_2_0212B3DD |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Code function: 26_2_0212B947 push 00000000h; mov dword ptr [esp], esp | 26_2_0212B96D |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Code function: 26_2_0212C477 push 00000000h; mov dword ptr [esp], esp | 26_2_0212C49D |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Code function: 27_2_02DDA21B push ecx; ret | 27_2_02DDA225 |
Source: javaw.exe, 00000016.00000003.1921418826.0000000014CCE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: com/sun/corba/se/impl/util/SUNVMCID.classPK |
Source: javaw.exe, 00000016.00000003.1921418826.0000000014CCE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: &com/sun/corba/se/impl/util/SUNVMCID.classPK |
Source: java.exe, 00000006.00000002.3004161734.000000000081B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll}L1 |
Source: java.exe, 00000002.00000002.1797760450.0000000000B0B000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000006.00000002.3004161734.000000000081B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000016.00000002.3004513817.0000000000AD0000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000001A.00000002.3004176616.00000000004B7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: [Ljava/lang/VirtualMachineError; |
Source: javaw.exe, 00000016.00000003.1921418826.0000000014CCE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: org/omg/CORBA/OMGVMCID.classPK |
Source: java.exe, 00000002.00000002.1797760450.0000000000B0B000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000006.00000002.3004161734.000000000081B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000016.00000002.3004513817.0000000000AD0000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000001A.00000002.3004176616.00000000004B7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: cjava/lang/VirtualMachineError |
Source: java.exe, 00000002.00000003.1773866353.0000000014C6E000.00000004.00000020.00020000.00000000.sdmp, java.exe, 00000006.00000003.1798410151.00000000148C1000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000016.00000003.1921418826.0000000014CCE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: java/lang/VirtualMachineError.classPK |
Source: java.exe, 00000002.00000002.1797760450.0000000000B0B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000016.00000002.3004513817.0000000000AA8000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 0000001A.00000002.3004176616.00000000004B7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Queries volume information: C:\Program Files (x86)\Java\jre-1.8\bin\java.dll VolumeInformation |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Queries volume information: C:\Program Files (x86)\Java\jre-1.8\bin\client\jvm.dll VolumeInformation |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\hsperfdata_user\6924 VolumeInformation |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\resources.jar VolumeInformation |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\rt.jar VolumeInformation |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\jsse.jar VolumeInformation |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\jce.jar VolumeInformation |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\charsets.jar VolumeInformation |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\jfr.jar VolumeInformation |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\jartracer.jar VolumeInformation |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Queries volume information: C:\Users\user\1790lock.file VolumeInformation |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\hsperfdata_user\5016 VolumeInformation |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\java.exe | Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\meta-index VolumeInformation |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Queries volume information: C:\Program Files (x86)\Java\jre-1.8\bin\java.dll VolumeInformation |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Queries volume information: C:\Program Files (x86)\Java\jre-1.8\bin\client\jvm.dll VolumeInformation |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\hsperfdata_user\5780 VolumeInformation |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\resources.jar VolumeInformation |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\rt.jar VolumeInformation |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\jsse.jar VolumeInformation |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\jce.jar VolumeInformation |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\charsets.jar VolumeInformation |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\jfr.jar VolumeInformation |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Queries volume information: C:\Program Files (x86)\Java\jre-1.8\lib\meta-index VolumeInformation |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Queries volume information: C:\Users\user\1790lock.file VolumeInformation |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\hsperfdata_user\7076 VolumeInformation |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\hsperfdata_user\2228 VolumeInformation |
Source: C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\hsperfdata_user\4088 VolumeInformation |