Windows Analysis Report
#U6837#U672c.jar

Overview

General Information

Sample Name: #U6837#U672c.jar
Analysis ID: 631576
MD5: 8a5f40cbc394e138255c6d1a775d6a26
SHA1: dc53deaa3b02534cead9e371010e00f91e229b50
SHA256: 6b96b0e9285822fb15c20d61ac65c9ba6028f423d5aaf7ebd4fa9fa9a435b838
Tags: jar

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Encrypted powershell cmdline option found
Exploit detected, runtime environment starts unknown processes
Very long command line found
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Queries the volume information (name, serial number etc) of a device
Drops PE files
Uses cacls to modify the permissions of files
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Compiles C# or VB.Net code
Found dropped PE file which has not been started or loaded
Creates a process in suspended mode (likely to inject code)
IP address seen in connection with other malware
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Enables debug privileges

Classification

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: unknown HTTPS traffic detected: 140.82.121.5:443 -> 192.168.2.3:49753 version: TLS 1.2

Software Vulnerabilities

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Source: Joe Sandbox View JA3 fingerprint: d2935c58fe676744fecc8614ee5356c7
Source: Joe Sandbox View IP Address: 140.82.121.5
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.XMLConstants/feature/secure-processing
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.XMLConstants/feature/secure-processing&
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.XMLConstants/property/
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalDTD
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalDTD;
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalSchema
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://logback.qos.ch/codes.html
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://logback.qos.ch/codes.html#appender_order
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://logback.qos.ch/codes.html#block
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://logback.qos.ch/codes.html#earlier_fa_collision
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://logback.qos.ch/codes.html#ifJanino
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://logback.qos.ch/codes.html#ifJaninoLineNu
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://logback.qos.ch/codes.html#layoutInsteadOfEncoder
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://logback.qos.ch/codes.html#missingRightParenthesis
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://logback.qos.ch/codes.html#missingRightParenthesisonditio
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://logback.qos.ch/codes.html#null_CS
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://logback.qos.ch/codes.html#null_CSht
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://logback.qos.ch/codes.html#sat_missing_integer_token
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://logback.qos.ch/codes.html#sat_missing_integer_token3ch/q
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://logback.qos.ch/codes.html#tbr_fnp_not_set
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://logback.qos.ch/manual/
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.523754221.0000000015BF0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.525290861.0000000016047000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://null.oracle.com/
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://policy.camerfirma.com
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://policy.camerfirma.com0
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://repository.swisssign.com/
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://repository.swisssign.com/0
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0
Source: java.exe, 00000002.00000003.371284324.000000001A5CC000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.371614607.000000001A5CC000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.372007318.000000001A5CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.com
Source: java.exe, 00000002.00000003.372321347.000000001A5CC000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.372503883.000000001A5CC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.carterandcone.com8
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.certplus.com/CRL/class2.crl
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.certplus.com/CRL/class2.crl0
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.certplus.com/CRL/class3P.crl
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.certplus.com/CRL/class3P.crl0
Source: java.exe, 00000002.00000002.519659828.000000000A78D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.chambersign.org
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.chambersign.org1
Source: java.exe, 00000002.00000003.366908558.000000001A529000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367867039.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367920213.000000001A529000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367555762.000000001A528000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.comC
Source: java.exe, 00000002.00000003.366908558.000000001A529000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367555762.000000001A528000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.fontbureau.coms
Source: java.exe, 00000002.00000003.364008096.000000001A5D2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367125571.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.365417219.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364923911.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.363715049.000000001A5D2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364166636.000000001A529000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364685791.000000001A5CB000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367621099.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.363962074.000000001A529000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.365710903.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367540017.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.363573890.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.363600655.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364541190.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364989262.000000001A5BC000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367581782.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364257114.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367223930.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.365518800.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.363860163.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 
00000002.00000003.364348330.000000001A529000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn
Source: java.exe, 00000002.00000003.361639909.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361550071.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361715531.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361475761.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn//
Source: java.exe, 00000002.00000003.366377964.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.366327186.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.365988091.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/n
Source: java.exe, 00000002.00000003.366377964.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.366327186.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367463505.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367125571.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.365417219.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364685791.000000001A5CB000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367621099.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367540017.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364989262.000000001A5BC000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367581782.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367223930.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364803169.000000001A5CB000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.365988091.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.366575802.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367342649.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.365241372.000000001A5CB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cnm
Source: java.exe, 00000002.00000003.361324132.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361112768.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361054366.000000001A5D2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.360957466.000000001A5D2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361138940.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361344233.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/
Source: java.exe, 00000002.00000003.361386794.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361324132.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361112768.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361054366.000000001A5D2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.360957466.000000001A5D2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361475761.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361138940.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361344233.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/x
Source: java.exe, 00000002.00000003.379215569.000000001A50E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.386917865.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.381672244.000000001A50E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.382202087.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.384744761.000000001A528000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: java.exe, 00000002.00000003.386917865.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.381672244.000000001A50E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.382202087.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.384744761.000000001A528000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp//
Source: java.exe, 00000002.00000003.386917865.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.384744761.000000001A528000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/1
Source: java.exe, 00000002.00000003.379215569.000000001A50E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.386917865.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.381672244.000000001A50E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.382202087.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.384744761.000000001A528000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/F
Source: java.exe, 00000002.00000003.386917865.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.381672244.000000001A50E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.382202087.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.384744761.000000001A528000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/_
Source: java.exe, 00000002.00000003.386917865.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.384744761.000000001A528000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/jp//
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/feature/use-service-mechanism
Source: java.exe, 00000002.00000002.525463036.000000001619F000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.520518068.000000000A936000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/technetwork/java/javafx/index.html
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/Y
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/elementAttributeLimit
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityReplacementLimit
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityReplacementLimit9
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/getEntityCountInfo
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxElementDepth
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxElementDepthT
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxGeneralEntitySizeLimit
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxOccurLimit
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxParameterEntitySizeLimit
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxParameterEntitySizeLimith
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxXMLNameLimit
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/totalEntitySizeLimit
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/xmlSecurityPropertyManager
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/xmlSecurityPropertyManagerx
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.quovadis.bm
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.quovadis.bm0
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.quovadisglobal.com/cps
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html
Source: java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html#StaticLoggerBinder
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html#loggerNameMismatch
Source: java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html#loggerNameMismatch4
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html#multiple_bindings
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html#no_static_mdc_binder
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html#no_static_mdc_binder-
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html#null_LF
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html#null_MDCA
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html#null_MDCAFile
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html#replay
Source: java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html#replayj
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html#substituteLogger
Source: java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html#substituteLoggerss
Source: java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html#substituteLoggerssss
Source: java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html#unsuccessfulInit
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html#unsuccessfulInit)
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html#version_mismatch
Source: java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html#version_mismatchS
Source: java.exe, 00000002.00000003.366908558.000000001A529000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367867039.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367920213.000000001A529000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367555762.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.366575802.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.366792094.000000001A528000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.zhongyicts.com.cn
Source: java.exe, 00000002.00000003.366575802.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.zhongyicts.com.cno.
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/9
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/allow-dtd-events-after-endDTD
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/external-general-entities
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/external-general-entities7
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/external-parameter-entities
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/external-parameter-entities(
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/namespace-prefixes
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/namespaces
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/namespaces&
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/string-interning
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/validation
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/properties/
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/properties/declaration-handler
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/properties/declaration-handler&
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/properties/dom-node
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/properties/lexical-handler
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/properties/xml-string
Source: java.exe, 00000002.00000002.523754221.0000000015BF0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.github.com/repos/Col-E/Recaf/releases/latest
Source: java.exe, 00000002.00000002.517348175.0000000009FD5000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.525463036.000000001619F000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://col-e.github.io/Recaf-documentation/
Source: java.exe, 00000002.00000002.522356164.0000000014E60000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://col-e.github.io/Recaf-documentation/onit
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/Col-E/Recaf/issues/new/choose
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ocsp.quovadisoffshore.com
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://repo1.maven.org/maven2/org/openjfx/javafx-%s/%s/javafx-%s-%s
Source: java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://repo1.maven.org/maven2/org/openjfx/javafx-%s/%s/javafx-%s-%sssL
Source: java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://repo1.maven.org/maven2/org/openjfx/javafx-base/18-ea
Source: java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://repo1.maven.org/maven2/org/openjfx/javafx-controls/18-ea
Source: java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://repo1.maven.org/maven2/org/openjfx/javafx-graphics/18-ea
Source: java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://repo1.maven.org/maven2/org/openjfx/javafx-media/18-ea
Source: unknown DNS traffic detected: queries for: api.github.com
Source: unknown HTTPS traffic detected: 140.82.121.5:443 -> 192.168.2.3:49753 version: TLS 1.2

System Summary

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Process created: Commandline size = 2163
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 6_2_07F18390 6_2_07F18390
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 6_2_07F10006 6_2_07F10006
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 6_2_08458561 6_2_08458561
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 6_2_08458570 6_2_08458570
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 6_2_08475F10 6_2_08475F10
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 6_2_084765C0 6_2_084765C0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 6_2_08471570 6_2_08471570
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 6_2_08471580 6_2_08471580
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 6_2_08489DE0 6_2_08489DE0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 6_2_0848B1F0 6_2_0848B1F0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 6_2_0848A652 6_2_0848A652
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 6_2_084897A3 6_2_084897A3
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 6_2_07F10040 6_2_07F10040
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 6_2_07F1BF20 6_2_07F1BF20
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 6_2_07F1BF11 6_2_07F1BF11
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 6_2_07F1BF1E 6_2_07F1BF1E
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Section loaded: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll Jump to behavior
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\#U6837#U672c.jar"" >> C:\cmdlinestart.log 2>&1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe "C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\#U6837#U672c.jar"
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Source: C:\Windows\SysWOW64\icacls.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell.exe -EncodedCommand [Base64-encoded command omitted]
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\yg5wq3iq\yg5wq3iq.cmdline
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES3439.tmp" "c:\Users\user\AppData\Local\Temp\yg5wq3iq\CSC2B87B97A30754CA98C52C2EC748AF94C.TMP"
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6648:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6412:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6524:120:WilError_01
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe File created: C:\Users\user\AppData\Roaming\Recaf Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe File created: C:\Users\user\AppData\Local\Temp\hsperfdata_user Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Section loaded: C:\Program Files (x86)\Java\jre1.8.0_211\bin\client\jvm.dll Jump to behavior
Source: java.exe String found in binary or memory: sun/launcher/
Source: classification engine Classification label: mal52.expl.evad.winJAR@14/10@1/2
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll Jump to behavior
Source: #U6837#U672c.jar Static file information: File size 39147646 > 1048576
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Code function: 2_2_0285D877 push 00000000h; mov dword ptr [esp], esp 2_2_0285D8A1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 6_2_08458FE0 push eax; retf 6_2_08458FE1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 6_2_08458092 pushad ; ret 6_2_084580B1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe File created: C:\Users\user\AppData\Local\Temp\yg5wq3iq\yg5wq3iq.dll Jump to dropped file
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2465 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 801 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6808 Thread sleep count: 2465 > 30 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6808 Thread sleep count: 801 > 30 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6880 Thread sleep count: 31 > 30 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6232 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\yg5wq3iq\yg5wq3iq.dll Jump to dropped file
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation Jump to behavior
Source: java.exe, 00000002.00000003.246597794.0000000014E6F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: com/sun/corba/se/impl/util/SUNVMCID.classPK
Source: java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: java/lang/VirtualMachineError
Source: java.exe, 00000002.00000003.246597794.0000000014E6F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: &com/sun/corba/se/impl/util/SUNVMCID.classPK
Source: java.exe, 00000002.00000002.514236461.0000000002750000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: ,java/lang/VirtualMachineError
Source: java.exe, 00000002.00000002.514236461.0000000002750000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: |[Ljava/lang/VirtualMachineError;
Source: java.exe, 00000002.00000002.517348175.0000000009FD5000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: org/omg/CORBA/OMGVMCID
Source: java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: @com.sun.tools.attach.VirtualMachinendLin
Source: java.exe, 00000002.00000002.517348175.0000000009FD5000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.525463036.000000001619F000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: #com.sun.tools.attach.VirtualMachine
Source: java.exe, 00000002.00000003.246597794.0000000014E6F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: org/omg/CORBA/OMGVMCID.classPK
Source: java.exe, 00000002.00000003.246597794.0000000014E6F000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: java/lang/VirtualMachineError.classPK
Source: java.exe, 00000002.00000002.525463036.000000001619F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: W0(Lcom/sun/tools/attach/VirtualMachineDescriptor;)Lcom/sun/tools/attach/VirtualMachine;
Source: java.exe, 00000002.00000002.517348175.0000000009FD5000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: #com/sun/corba/se/impl/util/SUNVMCID
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Code function: 2_2_02850632 LdrInitializeThunk,LdrInitializeThunk, 2_2_02850632
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Memory protected: page read and write | page guard Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Process created: Base64 decoded & {[Console]::OutputEncoding = [System.Text.Encoding]::UTF8Add-Type @"using System;using System.Runtime.InteropServices;public class Dir { [DllImport("shell32.dll")] private static extern int SHGetKnownFolderPath([MarshalAs(UnmanagedType.LPStruct)] Guid rfid, uint dwFlags, IntPtr hToken, out IntPtr pszPath); public static string GetKnownFolderPath(string rfid) { IntPtr pszPath; if (SHGetKnownFolderPath(new Guid(rfid), 0, IntPtr.Zero, out pszPath) != 0) return ""; string path = Marshal.PtrToStringUni(pszPath); Marshal.FreeCoTaskMem(pszPath); return path; }}"@[Dir]::GetKnownFolderPath("5E6C858F-0E22-4760-9AFE-EA3317B67173")[Dir]::GetKnownFolderPath("3EB685DB-65F9-4CF6-A03A-E3EF65729F3D")[Dir]::GetKnownFolderPath("F1B32785-6FBA-4FCF-9D55-7B8E7F157091")}
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Process created: Base64 decoded & {[Console]::OutputEncoding = [System.Text.Encoding]::UTF8Add-Type @"using System;using System.Runtime.InteropServices;public class Dir { [DllImport("shell32.dll")] private static extern int SHGetKnownFolderPath([MarshalAs(UnmanagedType.LPStruct)] Guid rfid, uint dwFlags, IntPtr hToken, out IntPtr pszPath); public static string GetKnownFolderPath(string rfid) { IntPtr pszPath; if (SHGetKnownFolderPath(new Guid(rfid), 0, IntPtr.Zero, out pszPath) != 0) return ""; string path = Marshal.PtrToStringUni(pszPath); Marshal.FreeCoTaskMem(pszPath); return path; }}"@[Dir]::GetKnownFolderPath("5E6C858F-0E22-4760-9AFE-EA3317B67173")[Dir]::GetKnownFolderPath("3EB685DB-65F9-4CF6-A03A-E3EF65729F3D")[Dir]::GetKnownFolderPath("F1B32785-6FBA-4FCF-9D55-7B8E7F157091")} Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell.exe -EncodedCommand <Base64 payload omitted> Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe "C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\#U6837#U672c.jar" Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\yg5wq3iq\yg5wq3iq.cmdline Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES3439.tmp" "c:\Users\user\AppData\Local\Temp\yg5wq3iq\CSC2B87B97A30754CA98C52C2EC748AF94C.TMP" Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Program Files (x86)\Java\jre1.8.0_211\lib\fonts\LucidaBrightDemiBold.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Program Files (x86)\Java\jre1.8.0_211\lib\fonts\LucidaBrightDemiItalic.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Program Files (x86)\Java\jre1.8.0_211\lib\fonts\LucidaBrightItalic.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Program Files (x86)\Java\jre1.8.0_211\lib\fonts\LucidaBrightRegular.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Program Files (x86)\Java\jre1.8.0_211\lib\fonts\LucidaSansDemiBold.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Program Files (x86)\Java\jre1.8.0_211\lib\fonts\LucidaSansRegular.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Program Files (x86)\Java\jre1.8.0_211\lib\fonts\LucidaTypewriterBold.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Program Files (x86)\Java\jre1.8.0_211\lib\fonts\LucidaTypewriterRegular.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\GILSANUB.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\GILSANUB.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\GILLUBCD.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\GILLUBCD.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Code function: 2_2_02850380 cpuid 2_2_02850380
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid