Windows Analysis Report
#U6837#U672c.jar

Overview

General Information

Sample Name: #U6837#U672c.jar
Analysis ID: 631576
MD5: 8a5f40cbc394e138255c6d1a775d6a26
SHA1: dc53deaa3b02534cead9e371010e00f91e229b50
SHA256: 6b96b0e9285822fb15c20d61ac65c9ba6028f423d5aaf7ebd4fa9fa9a435b838
Tags: jar

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Encrypted powershell cmdline option found
Exploit detected, runtime environment starts unknown processes
Very long command line found
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Queries the volume information (name, serial number etc) of a device
Drops PE files
Uses cacls to modify the permissions of files
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Compiles C# or VB.Net code
Found dropped PE file which has not been started or loaded
Creates a process in suspended mode (likely to inject code)
IP address seen in connection with other malware
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Enables debug privileges

Classification

  • System is w10x64
  • cmd.exe (PID: 6404 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\#U6837#U672c.jar"" >> C:\cmdlinestart.log 2>&1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
    • conhost.exe (PID: 6412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • java.exe (PID: 6460 cmdline: "C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\#U6837#U672c.jar" MD5: 28733BA8C383E865338638DF5196E6FE)
      • icacls.exe (PID: 6516 cmdline: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M MD5: FF0D1D4317A44C951240FAE75075D501)
        • conhost.exe (PID: 6524 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • powershell.exe (PID: 6608 cmdline: powershell.exe -EncodedCommand JgAgAHsACgBbAEMAbwBuAHMAbwBsAGUAXQA6ADoATwB1AHQAcAB1AHQARQBuAGMAbwBkAGkAbgBnACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgACgBBAGQAZAAtAFQAeQBwAGUAIABAACIACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQA7AAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBSAHUAbgB0AGkAbQBlAC4ASQBuAHQAZQByAG8AcABTAGUAcgB2AGkAYwBlAHMAOwAKAHAAdQBiAGwAaQBjACAAYwBsAGEAcwBzACAARABpAHIAIAB7AAoAIAAgAFsARABsAGwASQBtAHAAbwByAHQAKAAiAHMAaABlAGwAbAAzADIALgBkAGwAbAAiACkAXQAKACAAIABwAHIAaQB2AGEAdABlACAAcwB0AGEAdABpAGMAIABlAHgAdABlAHIAbgAgAGkAbgB0ACAAUwBIAEcAZQB0AEsAbgBvAHcAbgBGAG8AbABkAGUAcgBQAGEAdABoACgAWwBNAGEAcgBzAGgAYQBsAEEAcwAoAFUAbgBtAGEAbgBhAGcAZQBkAFQAeQBwAGUALgBMAFAAUwB0AHIAdQBjAHQAKQBdACAARwB1AGkAZAAgAHIAZgBpAGQALAAgAHUAaQBuAHQAIABkAHcARgBsAGEAZwBzACwAIABJAG4AdABQAHQAcgAgAGgAVABvAGsAZQBuACwAIABvAHUAdAAgAEkAbgB0AFAAdAByACAAcABzAHoAUABhAHQAaAApADsACgAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAHMAdAByAGkAbgBnACAARwBlAHQASwBuAG8AdwBuAEYAbwBsAGQAZQByAFAAYQB0AGgAKABzAHQAcgBpAG4AZwAgAHIAZgBpAGQAKQAgAHsACgAgACAAIAAgAEkAbgB0AFAAdAByACAAcABzAHoAUABhAHQAaAA7AAoAIAAgACAAIABpAGYAIAAoAFMASABHAGUAdABLAG4AbwB3AG4ARgBvAGwAZABlAHIAUABhAHQAaAAoAG4AZQB3ACAARwB1AGkAZAAoAHIAZgBpAGQAKQAsACAAMAAsACAASQBuAHQAUAB0AHIALgBaAGUAcgBvACwAIABvAHUAdAAgAHAAcwB6AFAAYQB0AGgAKQAgACEAPQAgADAAKQAgAHIAZQB0AHUAcgBuACAAIgAiADsACgAgACAAIAAgAHMAdAByAGkAbgBnACAAcABhAHQAaAAgAD0AIABNAGEAcgBzAGgAYQBsAC4AUAB0AHIAVABvAFMAdAByAGkAbgBnAFUAbgBpACgAcABzAHoAUABhAHQAaAApADsACgAgACAAIAAgAE0AYQByAHMAaABhAGwALgBGAHIAZQBlAEMAbwBUAGEAcwBrAE0AZQBtACgAcABzAHoAUABhAHQAaAApADsACgAgACAAIAAgAHIAZQB0AHUAcgBuACAAcABhAHQAaAA7AAoAIAAgAH0ACgB9AAoAIgBAAAoAWwBEAGkAcgBdADoAOgBHAGUAdABLAG4AbwB3AG4ARgBvAGwAZABlAHIAUABhAHQAaAAoACIANQBFADYAQwA4ADUAOABGAC0AMABFADIAMgAtADQANwA2ADAALQA5AEEARgBFAC0ARQBBADMAMwAxADcAQgA2ADcAMQA3ADMAIgApAAoAWwBEAGkAcgBdADoAOgBHAGUAdABLAG4AbwB3AG4ARgBvAGwAZABlAHIAUABhAHQAaAAoACIAMwBFAEIANgA4ADUARABCAC0ANgA1AEYAOQAtADQAQwBGADYALQBBADAAMwBBAC0ARQAzAEUARgA2AD
UANwAyADkARgAzAEQAIgApAAoAWwBEAGkAcgBdADoAOgBHAGUAdABLAG4AbwB3AG4ARgBvAGwAZABlAHIAUABhAHQAaAAoACIARgAxAEIAMwAyADcAOAA1AC0ANgBGAEIAQQAtADQARgBDAEYALQA5AEQANQA1AC0ANwBCADgARQA3AEYAMQA1ADcAMAA5ADEAIgApAAoAfQA= MD5: DBA3E6449E97D4E3DF64527EF7012A10)
        • conhost.exe (PID: 6648 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • csc.exe (PID: 6884 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\yg5wq3iq\yg5wq3iq.cmdline MD5: 350C52F71BDED7B99668585C15D70EEA)
          • cvtres.exe (PID: 5776 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES3439.tmp" "c:\Users\user\AppData\Local\Temp\yg5wq3iq\CSC2B87B97A30754CA98C52C2EC748AF94C.TMP" MD5: C09985AE74F0882F208D75DE27770DFA)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: unknown HTTPS traffic detected: 140.82.121.5:443 -> 192.168.2.3:49753 version: TLS 1.2

Software Vulnerabilities

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Source: Joe Sandbox View JA3 fingerprint: d2935c58fe676744fecc8614ee5356c7
Source: Joe Sandbox View IP Address: 140.82.121.5
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaLanguage
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaLanguage4
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaSource
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/schema/features/
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/8
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/ignore-external-dtd
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/reader-in-defined-state
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/report-cdata-event
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/report-cdata-event0y
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/feature/secure-processing
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/feature/secure-processing&
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalDTD
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalDTD;
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalSchema
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://logback.qos.ch/codes.html
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://logback.qos.ch/codes.html#appender_order
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://logback.qos.ch/codes.html#block
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://logback.qos.ch/codes.html#earlier_fa_collision
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://logback.qos.ch/codes.html#ifJanino
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://logback.qos.ch/codes.html#ifJaninoLineNu
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://logback.qos.ch/codes.html#layoutInsteadOfEncoder
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://logback.qos.ch/codes.html#missingRightParenthesis
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://logback.qos.ch/codes.html#missingRightParenthesisonditio
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://logback.qos.ch/codes.html#null_CS
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://logback.qos.ch/codes.html#null_CSht
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://logback.qos.ch/codes.html#sat_missing_integer_token
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://logback.qos.ch/codes.html#sat_missing_integer_token3ch/q
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://logback.qos.ch/codes.html#tbr_fnp_not_set
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://logback.qos.ch/manual/
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.523754221.0000000015BF0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.525290861.0000000016047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://null.oracle.com/
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://policy.camerfirma.com
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://policy.camerfirma.com0
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/0
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0
Source: java.exe, 00000002.00000003.371284324.000000001A5CC000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.371614607.000000001A5CC000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.372007318.000000001A5CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.com
Source: java.exe, 00000002.00000003.372321347.000000001A5CC000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.372503883.000000001A5CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.com8
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class2.crl
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class2.crl0
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class3P.crl
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class3P.crl0
Source: java.exe, 00000002.00000002.519659828.000000000A78D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.chambersign.org
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.chambersign.org1
Source: java.exe, 00000002.00000003.366908558.000000001A529000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367867039.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367920213.000000001A529000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367555762.000000001A528000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comC
Source: java.exe, 00000002.00000003.366908558.000000001A529000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367555762.000000001A528000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.coms
Source: java.exe, 00000002.00000003.364008096.000000001A5D2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367125571.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.365417219.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364923911.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.363715049.000000001A5D2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364166636.000000001A529000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364685791.000000001A5CB000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367621099.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.363962074.000000001A529000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.365710903.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367540017.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.363573890.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.363600655.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364541190.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364989262.000000001A5BC000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367581782.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364257114.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367223930.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.365518800.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.363860163.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364348330.000000001A529000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
Source: java.exe, 00000002.00000003.361639909.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361550071.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361715531.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361475761.000000001A5D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn//
Source: java.exe, 00000002.00000003.366377964.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.366327186.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.365988091.000000001A5D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/n
Source: java.exe, 00000002.00000003.366377964.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.366327186.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367463505.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367125571.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.365417219.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364685791.000000001A5CB000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367621099.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367540017.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364989262.000000001A5BC000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367581782.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367223930.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364803169.000000001A5CB000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.365988091.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.366575802.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367342649.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.365241372.000000001A5CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cnm
Source: java.exe, 00000002.00000003.361324132.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361112768.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361054366.000000001A5D2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.360957466.000000001A5D2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361138940.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361344233.000000001A5D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/
Source: java.exe, 00000002.00000003.361386794.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361324132.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361112768.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361054366.000000001A5D2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.360957466.000000001A5D2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361475761.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361138940.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361344233.000000001A5D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/x
Source: java.exe, 00000002.00000003.379215569.000000001A50E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.386917865.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.381672244.000000001A50E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.382202087.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.384744761.000000001A528000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: java.exe, 00000002.00000003.386917865.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.381672244.000000001A50E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.382202087.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.384744761.000000001A528000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp//
Source: java.exe, 00000002.00000003.386917865.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.384744761.000000001A528000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/1
Source: java.exe, 00000002.00000003.379215569.000000001A50E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.386917865.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.381672244.000000001A50E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.382202087.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.384744761.000000001A528000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/F
Source: java.exe, 00000002.00000003.386917865.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.381672244.000000001A50E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.382202087.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.384744761.000000001A528000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/_
Source: java.exe, 00000002.00000003.386917865.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.384744761.000000001A528000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp//
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/feature/use-service-mechanism
Source: java.exe, 00000002.00000002.525463036.000000001619F000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.520518068.000000000A936000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/technetwork/java/javafx/index.html
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/Y
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/elementAttributeLimit
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityReplacementLimit
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityReplacementLimit9
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/getEntityCountInfo
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxElementDepth
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxElementDepthT
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxGeneralEntitySizeLimit
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxOccurLimit
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxParameterEntitySizeLimit
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxParameterEntitySizeLimith
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxXMLNameLimit
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/totalEntitySizeLimit
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/xmlSecurityPropertyManager
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/xml/jaxp/properties/xmlSecurityPropertyManagerx
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.quovadis.bm
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.quovadis.bm0
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.slf4j.org/codes.html
Source: java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.slf4j.org/codes.html#StaticLoggerBinder
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.slf4j.org/codes.html#loggerNameMismatch
Source: java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.slf4j.org/codes.html#loggerNameMismatch4
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.slf4j.org/codes.html#multiple_bindings
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.slf4j.org/codes.html#no_static_mdc_binder
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.slf4j.org/codes.html#no_static_mdc_binder-
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.slf4j.org/codes.html#null_LF
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.slf4j.org/codes.html#null_MDCA
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.slf4j.org/codes.html#null_MDCAFile
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.slf4j.org/codes.html#replay
Source: java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.slf4j.org/codes.html#replayj
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.slf4j.org/codes.html#substituteLogger
Source: java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.slf4j.org/codes.html#substituteLoggerss
Source: java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.slf4j.org/codes.html#substituteLoggerssss
Source: java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.slf4j.org/codes.html#unsuccessfulInit
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.slf4j.org/codes.html#unsuccessfulInit)
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.slf4j.org/codes.html#version_mismatch
Source: java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.slf4j.org/codes.html#version_mismatchS
Source: java.exe, 00000002.00000003.366908558.000000001A529000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367867039.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367920213.000000001A529000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367555762.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.366575802.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.366792094.000000001A528000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
Source: java.exe, 00000002.00000003.366575802.000000001A5D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cno.
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/9
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/allow-dtd-events-after-endDTD
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/external-general-entities
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/external-general-entities7
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/external-parameter-entities
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/external-parameter-entities(
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/namespace-prefixes
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/namespaces
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/namespaces&
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/string-interning
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/validation
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/properties/
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/properties/declaration-handler
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/properties/declaration-handler&
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/properties/dom-node
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/properties/lexical-handler
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/properties/xml-string
Source: java.exe, 00000002.00000002.523754221.0000000015BF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.github.com/repos/Col-E/Recaf/releases/latest
Source: java.exe, 00000002.00000002.517348175.0000000009FD5000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.525463036.000000001619F000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://col-e.github.io/Recaf-documentation/
Source: java.exe, 00000002.00000002.522356164.0000000014E60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://col-e.github.io/Recaf-documentation/onit
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Col-E/Recaf/issues/new/choose
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://repo1.maven.org/maven2/org/openjfx/javafx-%s/%s/javafx-%s-%s
Source: java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://repo1.maven.org/maven2/org/openjfx/javafx-%s/%s/javafx-%s-%sssL
Source: java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://repo1.maven.org/maven2/org/openjfx/javafx-base/18-ea
Source: java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://repo1.maven.org/maven2/org/openjfx/javafx-controls/18-ea
Source: java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://repo1.maven.org/maven2/org/openjfx/javafx-graphics/18-ea
Source: java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://repo1.maven.org/maven2/org/openjfx/javafx-media/18-ea
Source: unknownDNS traffic detected: queries for: api.github.com
Source: unknownHTTPS traffic detected: 140.82.121.5:443 -> 192.168.2.3:49753 version: TLS 1.2

System Summary

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeProcess created: Commandline size = 2163
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_07F18390
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_07F10006
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_08458561
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_08458570
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_08475F10
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_084765C0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_08471570
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_08471580
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_08489DE0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_0848B1F0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_0848A652
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_084897A3
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_07F10040
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_07F1BF20
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_07F1BF11
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_07F1BF1E
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\#U6837#U672c.jar"" >> C:\cmdlinestart.log 2>&1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe "C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\#U6837#U672c.jar"
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeProcess created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Source: C:\Windows\SysWOW64\icacls.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell.exe -EncodedCommand
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\yg5wq3iq\yg5wq3iq.cmdline
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES3439.tmp" "c:\Users\user\AppData\Local\Temp\yg5wq3iq\CSC2B87B97A30754CA98C52C2EC748AF94C.TMP"
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6648:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6412:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6524:120:WilError_01
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeFile created: C:\Users\user\AppData\Roaming\Recaf
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeFile created: C:\Users\user\AppData\Local\Temp\hsperfdata_user
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeSection loaded: C:\Program Files (x86)\Java\jre1.8.0_211\bin\client\jvm.dll
Source: java.exeString found in binary or memory: sun/launcher/
Source: classification engineClassification label: mal52.expl.evad.winJAR@14/10@1/2
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: #U6837#U672c.jarStatic file information: File size 39147646 > 1048576
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeFile opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeCode function: 2_2_0285D877 push 00000000h; mov dword ptr [esp], esp 2_2_0285D8A1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_08458FE0 push eax; retf 6_2_08458FE1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_08458092 pushad ; ret 6_2_084580B1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\yg5wq3iq\yg5wq3iq.cmdline
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeFile created: C:\Users\user\AppData\Local\Temp\yg5wq3iq\yg5wq3iq.dll
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 2465
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 801
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6808 | Thread sleep count: 2465 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6808 | Thread sleep count: 801 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6880 | Thread sleep count: 31 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6232 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\yg5wq3iq\yg5wq3iq.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information queried: ProcessInformation
Source: java.exe, 00000002.00000003.246597794.0000000014E6F000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: com/sun/corba/se/impl/util/SUNVMCID.classPK
Source: java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: java/lang/VirtualMachineError
Source: java.exe, 00000002.00000003.246597794.0000000014E6F000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: &com/sun/corba/se/impl/util/SUNVMCID.classPK
Source: java.exe, 00000002.00000002.514236461.0000000002750000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: ,java/lang/VirtualMachineError
Source: java.exe, 00000002.00000002.514236461.0000000002750000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: |[Ljava/lang/VirtualMachineError;
Source: java.exe, 00000002.00000002.517348175.0000000009FD5000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: org/omg/CORBA/OMGVMCID
Source: java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: @com.sun.tools.attach.VirtualMachinendLin
Source: java.exe, 00000002.00000002.517348175.0000000009FD5000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.525463036.000000001619F000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: #com.sun.tools.attach.VirtualMachine
Source: java.exe, 00000002.00000003.246597794.0000000014E6F000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: org/omg/CORBA/OMGVMCID.classPK
Source: java.exe, 00000002.00000003.246597794.0000000014E6F000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: java/lang/VirtualMachineError.classPK
Source: java.exe, 00000002.00000002.525463036.000000001619F000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: W0(Lcom/sun/tools/attach/VirtualMachineDescriptor;)Lcom/sun/tools/attach/VirtualMachine;
Source: java.exe, 00000002.00000002.517348175.0000000009FD5000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: #com/sun/corba/se/impl/util/SUNVMCID
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Code function: 2_2_02850632 LdrInitializeThunk,LdrInitializeThunk,2_2_02850632
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process token adjusted: Debug
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Memory protected: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Process created: Base64 decoded & {[Console]::OutputEncoding = [System.Text.Encoding]::UTF8Add-Type @"using System;using System.Runtime.InteropServices;public class Dir { [DllImport("shell32.dll")] private static extern int SHGetKnownFolderPath([MarshalAs(UnmanagedType.LPStruct)] Guid rfid, uint dwFlags, IntPtr hToken, out IntPtr pszPath); public static string GetKnownFolderPath(string rfid) { IntPtr pszPath; if (SHGetKnownFolderPath(new Guid(rfid), 0, IntPtr.Zero, out pszPath) != 0) return ""; string path = Marshal.PtrToStringUni(pszPath); Marshal.FreeCoTaskMem(pszPath); return path; }}"@[Dir]::GetKnownFolderPath("5E6C858F-0E22-4760-9AFE-EA3317B67173")[Dir]::GetKnownFolderPath("3EB685DB-65F9-4CF6-A03A-E3EF65729F3D")[Dir]::GetKnownFolderPath("F1B32785-6FBA-4FCF-9D55-7B8E7F157091")}
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell.exe -EncodedCommand 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
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe "C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\#U6837#U672c.jar"
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\yg5wq3iq\yg5wq3iq.cmdline
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES3439.tmp" "c:\Users\user\AppData\Local\Temp\yg5wq3iq\CSC2B87B97A30754CA98C52C2EC748AF94C.TMP"
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Program Files (x86)\Java\jre1.8.0_211\lib\fonts\LucidaBrightDemiBold.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Program Files (x86)\Java\jre1.8.0_211\lib\fonts\LucidaBrightDemiItalic.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Program Files (x86)\Java\jre1.8.0_211\lib\fonts\LucidaBrightItalic.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Program Files (x86)\Java\jre1.8.0_211\lib\fonts\LucidaBrightRegular.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Program Files (x86)\Java\jre1.8.0_211\lib\fonts\LucidaSansDemiBold.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Program Files (x86)\Java\jre1.8.0_211\lib\fonts\LucidaSansRegular.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Program Files (x86)\Java\jre1.8.0_211\lib\fonts\LucidaTypewriterBold.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Program Files (x86)\Java\jre1.8.0_211\lib\fonts\LucidaTypewriterRegular.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\GILSANUB.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\GILSANUB.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\GILLUBCD.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\GILLUBCD.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\RAGE.TTF
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\RAVIE.TTF
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ROCK.TTF
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ROCC____.TTF
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ROCKEB.TTF
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\segoepr.ttf
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\segoesc.ttf
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\seguibl.ttf
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\seguiemj.ttf
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\seguihis.ttf
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\segoeuil.ttf
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\seguisb.ttf
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\segoeuisl.ttf
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\seguisym.ttf
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\SHOWG.TTF
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\simsunb.ttf
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\Sitka.ttc
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\SNAP____.TTF
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\STENCIL.TTF
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\sylfaen.ttf
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\symbol.ttf
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\tahoma.ttf
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\trebuc.ttf
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\TCM_____.TTF
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\TCCM____.TTF
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\TCCEB.TTF
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\verdana.ttf
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\VINERITC.TTF
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\VIVALDII.TTF
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\webdings.ttf
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\LATINWD.TTF
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\wingding.ttf
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\YuGothR.ttc
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\YuGothL.ttc
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\YuGothM.ttc
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\YuGothB.ttc
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\segoeui.ttf
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Code function: 2_2_02850380 cpuid
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
MITRE ATT&CK Matrix

Techniques are listed per tactic column in the row order of the original matrix. Numbers in square brackets reproduce the superscript hit counts attached to a technique in the original; techniques without brackets carried no count.

Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services
Execution: Command and Scripting Interpreter [1 1 2]; Exploitation for Client Execution [1]; PowerShell [1]; At (Windows); Cron; Launchd; Scheduled Task
Persistence: Services File Permissions Weakness [1]; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items
Privilege Escalation: Process Injection [1 1]; Services File Permissions Weakness [1]; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items
Defense Evasion: Masquerading [1]; Disable or Modify Tools [1]; Virtualization/Sandbox Evasion [2 1]; Process Injection [1 1]; Deobfuscate/Decode Files or Information [1]; Obfuscated Files or Information [1]; Services File Permissions Weakness [1]
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync
Discovery: Security Software Discovery [1]; Process Discovery [1]; Virtualization/Sandbox Evasion [2 1]; Application Window Discovery [1]; Remote System Discovery [1]; System Information Discovery [2 2]; Network Sniffing
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management
Collection: Archive Collected Data [1]; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
Command and Control: Encrypted Channel [1 2]; Non-Application Layer Protocol [1]; Application Layer Protocol [2]; Protocol Impersonation; Fallback Channels; Multiband Communication; Commonly Used Port
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication; Jamming or Denial of Service; Rogue Wi-Fi Access Points
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings; Abuse Accessibility Features; Data Encrypted for Impact
Behavior Graph

Behavior Graph ID: 631576; Sample: #U6837#U672c.jar; Startdate: 21/05/2022; Architecture: WINDOWS; Score: 52

Signatures attached to the start node:
  • Very long command line found
  • Encrypted powershell cmdline option found
  • Exploit detected, runtime environment starts unknown processes

Process tree (numbers after a process name are the counts shown next to that node in the graph):
  • cmd.exe 2 (started)
    • java.exe 28 (started)
      • DNS/IP: api.github.com 140.82.121.5, 443, 49753, GITHUBUS, United States
      • IP: 192.168.2.1, unknown, unknown
      • Signatures: Very long command line found; Encrypted powershell cmdline option found
      • powershell.exe 24 (started)
        • csc.exe 3 (started)
          • Dropped file: C:\Users\user\AppData\Local\...\yg5wq3iq.dll, PE32
          • cvtres.exe 1 (started)
        • conhost.exe (started)
      • icacls.exe 1 (started)
        • conhost.exe (started)
    • conhost.exe (started)
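The process tree above is the part of this report a detection engineer would turn into rules: java.exe launching powershell.exe with an encoded command line, powershell.exe compiling C# through csc.exe and cvtres.exe (the "Compiles C# or VB.Net code" signature, which is what Add-Type does under the hood), and java.exe calling icacls.exe. The Python below is an added example, not part of the Joe Sandbox report or of the analysed sample: it models that chain as process-creation events, decodes the -EncodedCommand payload (UTF-16LE under the base64, which is the detail that trips up naive decoders) and flags each suspicious parent/child link. The events are constructed to mirror the graph; only the PIDs 6404 (cmd.exe) and 6460 (java.exe) come from the report, while every other PID, the PowerShell command line, its payload and the 512-character "very long command line" threshold are assumptions for this example.

```python
"""Flag the java.exe -> powershell.exe -> csc.exe chain from the behavior graph.

Added example; not part of the Joe Sandbox report or of the analysed sample.
The process events are constructed to mirror the graph: only the PIDs 6404
(cmd.exe) and 6460 (java.exe) come from the report; every other PID, the
PowerShell command line and its encoded payload are invented for illustration.
"""
import base64
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str      # executable basename, lower case
    cmdline: str


# powershell.exe accepts any unambiguous prefix of -EncodedCommand (-e, -ec,
# -enc, ...), so match every prefix followed by a base64 blob.
_ENC_FLAGS = "|".join("encodedcommand"[:i] for i in range(1, 15))
_ENC_RE = re.compile(rf"(?i)(?:^|\s)-(?:{_ENC_FLAGS})\s+([A-Za-z0-9+/=]{{16,}})")

# Assumed threshold for "very long command line"; Joe Sandbox's own cut-off is
# not stated in the report.
LONG_CMDLINE = 512


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the decoded -EncodedCommand payload, or None if there is none.

    PowerShell encodes the script as UTF-16LE before base64, so decoding the
    blob as UTF-8 yields NUL-interleaved garbage; decode it as UTF-16LE.
    """
    match = _ENC_RE.search(cmdline)
    if not match:
        return None
    try:
        return base64.b64decode(match.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze(events: List[ProcEvent]) -> List[Tuple[str, int, str]]:
    """Return (rule, pid, detail) for each suspicious link in the process tree."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        parent = by_pid.get(e.ppid)
        parent_image = parent.image if parent else ""
        if e.image == "powershell.exe":
            if parent_image == "java.exe":
                findings.append(("jvm_spawns_powershell", e.pid, parent_image))
            decoded = decode_encoded_command(e.cmdline)
            if decoded is not None:
                findings.append(("powershell_encoded_command", e.pid, decoded))
            if len(e.cmdline) > LONG_CMDLINE:
                findings.append(("very_long_command_line", e.pid, str(len(e.cmdline))))
        # Add-Type compiles C# on the fly via csc.exe, which in turn runs
        # cvtres.exe; that is the "Compiles C# or VB.Net code" signature.
        if e.image == "csc.exe" and parent_image == "powershell.exe":
            findings.append(("powershell_compiles_csharp", e.pid, e.cmdline))
        if e.image == "icacls.exe" and parent_image == "java.exe":
            findings.append(("jvm_modifies_acls", e.pid, e.cmdline))
    return findings


# Constructed stand-in for the encoded payload; the real one is not in this report.
PAYLOAD = (
    "$src = 'using System; public class Stage { public static void Run() { "
    "Console.WriteLine(\"constructed stand-in for the real stage\"); } }'; "
    "Add-Type -TypeDefinition $src; [Stage]::Run()"
)
ENCODED = base64.b64encode(PAYLOAD.encode("utf-16-le")).decode("ascii")

JAVA = r'"C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe" -jar "C:\Users\user\Desktop\#U6837#U672c.jar"'
# Constructed events mirroring the behavior graph (paths and arguments of the
# children are invented; only the cmd.exe/java.exe PIDs match the report).
SAMPLE_EVENTS = [
    ProcEvent(6404, 1000, "cmd.exe", r'C:\Windows\system32\cmd.exe /c "' + JAVA + '"'),
    ProcEvent(6460, 6404, "java.exe", JAVA),
    ProcEvent(7001, 6460, "powershell.exe",
              "powershell.exe -NoP -NonI -W Hidden -Exec Bypass -enc " + ENCODED),
    ProcEvent(7002, 7001, "csc.exe",
              r'csc.exe /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\abcd1234\abcd1234.cmdline"'),
    ProcEvent(7003, 7002, "cvtres.exe", "cvtres.exe /NOLOGO /READONLY /MACHINE:IX86"),
    ProcEvent(7004, 6460, "icacls.exe", r'icacls.exe "C:\Users\user\AppData\Local\Temp" /grant Everyone:F'),
]

if __name__ == "__main__":
    for rule, pid, detail in analyze(SAMPLE_EVENTS):
        print(f"{rule:28} pid={pid} {detail[:80]}")
```

Running the block prints five findings for the constructed tree, one per link the graph shows. The parent/child rules are keyed on image names only; in a real telemetry pipeline you would resolve the parent through the process GUID rather than the reusable PID, and widen "java.exe" to the other script hosts and Office binaries that should never spawn PowerShell.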

Antivirus detection

Source | Detection | Scanner | Label | Link
#U6837#U672c.jar | 0% | Virustotal | | Browse
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label
http://www.chambersign.org1 | 0% | URL Reputation | safe
http://java.sun.com/xml/dom/properties/ | 0% | URL Reputation | safe
http://www.jiyu-kobo.co.jp/1 | 0% | URL Reputation | safe
http://www.jiyu-kobo.co.jp// | 0% | URL Reputation | safe
http://www.zhongyicts.com.cn | 0% | URL Reputation | safe
https://col-e.github.io/Recaf-documentation/ | 0% | Avira URL Cloud | safe
http://policy.camerfirma.com0 | 0% | URL Reputation | safe
http://java.sun.com/xml/stream/properties/ignore-external-dtd | 0% | URL Reputation | safe
http://www.certplus.com/CRL/class2.crl | 0% | URL Reputation | safe
http://bugreport.sun.com/bugreport/ | 0% | URL Reputation | safe
http://java.sun.com/xml/stream/properties/report-cdata-event0y | 0% | Avira URL Cloud | safe
http://www.jiyu-kobo.co.jp/F | 0% | URL Reputation | safe
http://java.sun.com/xml/stream/properties/8 | 0% | Avira URL Cloud | safe
http://cps.chambersign.org/cps/chambersroot.html | 0% | URL Reputation | safe
http://www.certplus.com/CRL/class3P.crl | 0% | URL Reputation | safe
http://crl.securetrust.com/STCA.crl | 0% | URL Reputation | safe
http://javax.xml.XMLConstants/property/accessExternalDTD; | 0% | URL Reputation | safe
http://www.jiyu-kobo.co.jp/_ | 0% | URL Reputation | safe
http://javax.xml.XMLConstants/property/ | 0% | URL Reputation | safe
http://java.sun.com/xml/stream/properties/reader-in-defined-state | 0% | URL Reputation | safe
http://www.carterandcone.com8 | 0% | URL Reputation | safe
http://www.galapagosdesign.com/x | 0% | Avira URL Cloud | safe
http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl | 0% | URL Reputation | safe
http://javax.xml.XMLConstants/property/accessExternalDTD | 0% | URL Reputation | safe
http://www.founder.com.cn/cn | 0% | URL Reputation | safe
http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace | 0% | URL Reputation | safe
http://www.quovadis.bm | 0% | URL Reputation | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
api.github.com | 140.82.121.5 | true | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
http://apache.org/xml/features/validation/schema/augment-psvi | java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://apache.org/xml/properties/input-buffer-size | java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.chambersign.org1 | java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://apache.org/xml/features/standard-uri-conformant2 | java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://repository.swisssign.com/0 | java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://apache.org/xml/properties/schema/external-schemaLocation( | java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://logback.qos.ch/manual/ | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://apache.org/xml/properties/internal/entity-manager | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://apache.org/xml/properties/internal/symbol-tableQ | java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://apache.org/xml/features/internal/parser-settings | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://apache.org/xml/properties/internal/document-scanner7 | java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://java.sun.com/xml/dom/properties/ | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://apache.org/xml/properties/internal/stax-entity-resolver | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://apache.org/xml/features/3 | java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.jiyu-kobo.co.jp/1 | java.exe, 00000002.00000003.386917865.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.384744761.000000001A528000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://apache.org/xml/features/xinclude/fixup-base-uris | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.jiyu-kobo.co.jp// | java.exe, 00000002.00000003.386917865.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.381672244.000000001A50E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.382202087.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.384744761.000000001A528000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://apache.org/xml/properties/internal/error-reporter | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.slf4j.org/codes.html#multiple_bindings | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://repo1.maven.org/maven2/org/openjfx/javafx-%s/%s/javafx-%s-%s | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.zhongyicts.com.cn | java.exe, 00000002.00000003.366908558.000000001A529000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367867039.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367920213.000000001A529000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367555762.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.366575802.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.366792094.000000001A528000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://apache.org/xml/features/scanner/notify-char-refs | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://logback.qos.ch/codes.html#sat_missing_integer_token | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.slf4j.org/codes.html#null_MDCAFile | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://col-e.github.io/Recaf-documentation/ | java.exe, 00000002.00000002.517348175.0000000009FD5000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.525463036.000000001619F000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://policy.camerfirma.com0 | java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://apache.org/xml/features/validation/schema/normalized-valueB | java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://java.sun.com/xml/stream/properties/ignore-external-dtd | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://apache.org/xml/features/continue-after-fatal-error | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://apache.org/xml/features/standard-uri-conformant | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://apache.org/xml/properties/internal/document-scanner | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.certplus.com/CRL/class2.crl | java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://bugreport.sun.com/bugreport/ | java.exe, 00000002.00000002.517323221.0000000009FC5000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                                                    http://java.oracle.com/java.exe, 00000002.00000002.517348175.0000000009FD5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      high
                                                      http://logback.qos.ch/codes.html#blockjava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        high
                                                        http://apache.org/xml/features/java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          high
                                                          http://java.sun.com/xml/stream/properties/report-cdata-event0yjava.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          http://www.jiyu-kobo.co.jp/Fjava.exe, 00000002.00000003.379215569.000000001A50E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.386917865.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.381672244.000000001A50E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.382202087.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.384744761.000000001A528000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          unknown
                                                          http://apache.org/xml/features/generate-synthetic-annotationsjava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            high
                                                            http://www.slf4j.org/codes.html#unsuccessfulInit)java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              high
                                                              http://java.sun.com/xml/stream/properties/8java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://xml.org/sax/features/allow-dtd-events-after-endDTDjava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                high
                                                                http://cps.chambersign.org/cps/chambersroot.htmljava.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                unknown
                                                                http://www.certplus.com/CRL/class3P.crljava.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                unknown
                                                                http://www.slf4j.org/codes.html#substituteLoggerjava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  high
                                                                  http://apache.org/xml/features/internal/validation/schema/use-grammar-pool-onlyjava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    high
                                                                    http://crl.securetrust.com/STCA.crljava.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    http://apache.org/xml/properties/internal/namespace-binderjava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://javax.xml.XMLConstants/property/accessExternalDTD;java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      http://logback.qos.ch/codes.html#earlier_fa_collisionjava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        high
                                                                        http://apache.org/xml/features/scanner/notify-builtin-refs6java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://apache.org/xml/properties/security-managerjava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://www.slf4j.org/codes.html#substituteLoggerssssjava.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://www.jiyu-kobo.co.jp/_java.exe, 00000002.00000003.386917865.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.381672244.000000001A50E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.382202087.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.384744761.000000001A528000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              unknown
                                                                              http://logback.qos.ch/codes.html#layoutInsteadOfEncoderjava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://apache.org/xml/features/xincludejava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://logback.qos.ch/codes.htmljava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://apache.org/xml/features/validation/schema-full-checkingjava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://javax.xml.XMLConstants/property/java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      unknown
                                                                                      http://www.slf4j.org/codes.html#unsuccessfulInitjava.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://apache.org/xml/properties/internal/dtd-scanner8java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://github.com/Col-E/Recaf/issues/new/choosejava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://repo1.maven.org/maven2/org/openjfx/javafx-controls/18-eajava.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://apache.org/xml/properties/internal/grammar-pooljava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://java.sun.com/xml/stream/properties/reader-in-defined-statejava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                unknown
                                                                                                https://repo1.maven.org/maven2/org/openjfx/javafx-media/18-eajava.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://www.quovadisglobal.com/cps0java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://www.carterandcone.com8java.exe, 00000002.00000003.372321347.000000001A5CC000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.372503883.000000001A5CC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    unknown
                                                                                                    http://www.galapagosdesign.com/xjava.exe, 00000002.00000003.361386794.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361324132.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361112768.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361054366.000000001A5D2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.360957466.000000001A5D2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361475761.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361138940.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361344233.000000001A5D3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    http://www.slf4j.org/codes.html#null_MDCAjava.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crljava.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      http://www.slf4j.org/codes.html#replayjjava.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://apache.org/xml/features/allow-java-encodingsjava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://apache.org/xml/properties/internal/datatype-validator-factory:java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://www.oracle.com/feature/use-service-mechanismjava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://www.slf4j.org/codes.html#replayjava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://javax.xml.XMLConstants/property/accessExternalDTDjava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                http://apache.org/xml/xmlschema/1.0/anonymousTypesjava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://apache.org/xml/features/validation/schema/normalized-valuejava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://apache.org/xml/features/xinclude/fixup-languagejava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://logback.qos.ch/codes.html#null_CShtjava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://www.quovadisglobal.com/cpsjava.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://www.founder.com.cn/cnjava.exe, 00000002.00000003.364008096.000000001A5D2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367125571.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.365417219.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364923911.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.363715049.000000001A5D2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364166636.000000001A529000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364685791.000000001A5CB000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367621099.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.363962074.000000001A529000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.365710903.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367540017.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.363573890.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.363600655.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364541190.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364989262.000000001A5BC000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367581782.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364257114.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367223930.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.365518800.000000001A528000.00000004.00000800.00020000.00000000.sdmp, 
java.exe, 00000002.00000003.363860163.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364348330.000000001A529000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespacejava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          https://api.github.com/repos/Col-E/Recaf/releases/latestjava.exe, 00000002.00000002.523754221.0000000015BF0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://repo1.maven.org/maven2/org/openjfx/javafx-%s/%s/javafx-%s-%sssLjava.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://xml.org/sax/properties/declaration-handlerjava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://apache.org/xml/features/xinclude7java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
Name | Source | Malicious | Antivirus Detection | Reputation
http://apache.org/xml/properties/internal/symbol-table | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.slf4j.org/codes.html#loggerNameMismatch4 | java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://apache.org/xml/features/validation/balance-syntax-treesyP1 | java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://apache.org/xml/properties/security-managerD | java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://apache.org/xml/properties/D | java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.slf4j.org/codes.html | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://repo1.maven.org/maven2/org/openjfx/javafx-graphics/18-ea | java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.quovadis.bm | java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://xml.org/sax/features/9 | java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://apache.org/xml/features/validation/dynamicnal/xni | java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.slf4j.org/codes.html#version_mismatch | java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
Contacted IPs (map legend: No. of IPs < 25%, 25% to 50%, 50% to 75%, > 75%)

IP | Domain | Country | ASN | ASN Name | Malicious
140.82.121.5 | api.github.com | United States | 36459 | GITHUBUS | false

IP
192.168.2.1
Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 631576
Start date and time: 2022-05-21 15:25:21 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 10m 34s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: #U6837#U672c.jar
Cookbook file name: defaultwindowsfilecookbook.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes: 31
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• GSI enabled (Java)
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal52.expl.evad.winJAR@14/10@1/2
EGA Information:
• Successful, ratio: 50%
HDC Information: Failed
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 81
• Number of non-executed functions: 6
Cookbook Comments:
• Found application associated with file extension: .jar
• Adjust boot time
• Enable AMSI
• Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
• Excluded IPs from analysis (whitelisted): 23.211.6.115
• Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, fs.microsoft.com, login.live.com, store-images.s-microsoft.com, sls.update.microsoft.com, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
• Not all processes were analyzed; the report is missing behavior information
• Reached maximum number of files to list during submission archive extraction
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadFile calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description
15:26:49 | API Interceptor | 33x Sleep call for process: powershell.exe modified
Match: 140.82.121.5
Associated Sample Name / URL | Detection | Context
ecb07e08-1df9-4018-bb24-addfa2685dc6.exe | malicious |
wuaueng.dll | malicious |
1OcT3qul5z.doc | malicious |
VertiPaq Analyzer 2.02.xlsm | malicious |
http://pma.climabitus.com/undercook.php | malicious |
http://data-and-the-world.onrender.com/ | malicious |
http://data-and-the-world.onrender.com | malicious |
Match: api.github.com
Associated Sample Name / URL | Detection | Context
http://url9810.tokocrypto.com/ls/click?upn=aLmEghmoxRJP-2F680gaYmGnaCKiHYPtgaMPpLS3eteh9DEzN3TiDW2-2FozNNXOXsUAUgBxEHXvhuQ0qWJ2-2Ferhe-2FwK3oxFdoh0mNIBhBxb5nkq3ajArS-2F4v2uxZBfX7oiwRuwC_YxCxpoge33FNHhRVcK23d3V78m7eXIEfDCtcrRALzfwqBEGTE2N8zeITuklAtn6vktOpNh6hxHEgIu-2BdogNcNCwLRhY1KCD7cCNHm5-2B1MENtuRhv-2Fjf7j42Vn5ttt5eGAaMktGPu0Pism46rRpm8zgtZq1ofytgBXCEUTun68TfnLHp8yx-2BzMb6pETBnmTGhCSn4iFRyJ1UaW0shpYfBUA-3D-3D | malicious | 140.82.121.6
ecb07e08-1df9-4018-bb24-addfa2685dc6.exe | malicious | 140.82.121.5
wuaueng.dll | malicious | 140.82.121.5
1OcT3qul5z.doc | malicious | 140.82.121.5
c7ed67c7d4fb4e6099a56c5282e19037.css | malicious | 45.141.70.5
066a8daa8f774085941d879fb08027b9.css | malicious | 45.141.70.5
VertiPaq Analyzer 2.02.xlsm | malicious | 140.82.121.5
VertiPaq Analyzer 2.02.xlsm | malicious | 140.82.121.6
http://pma.climabitus.com/undercook.php | malicious | 140.82.121.5
http://data-and-the-world.onrender.com/ | malicious | 140.82.121.5
http://data-and-the-world.onrender.com | malicious | 140.82.121.5
http://data-and-the-world.onrender.com | malicious | 140.82.121.6
Questionnaire.doc | malicious | 192.30.253.117
Questionnaire.doc | malicious | 192.30.253.116
https://az764295.vo.msecnd.net/stable/2213894ea0415ee8c85c5eea0d0ff81ecc191529/VSCodeUserSetup-x64-1.36.1.exe | malicious | 140.82.118.5
Match: GITHUBUS
Associated Sample Name / URL | Detection | Context
MV Reggane RFQ.jar | malicious | 140.82.121.3
I5cqn1hyQj.exe | malicious | 140.82.121.3
http://codeload.github.com/iSECPartners/jailbreak/zip/refs/heads/master | malicious | 140.82.121.9
delivery_info_21 (1).jar | malicious | 140.82.121.4
Electronic receipt #1752022-7992.js | malicious | 140.82.121.4
Car.jar | malicious | 140.82.121.3
Bank Paper pdf.js | malicious | 140.82.121.4
Elecronic receipt #8002-NWA-160592.js | malicious | 140.82.121.4
Payment_Receipt.jar | malicious | 140.82.121.3
Statement_0219.js | malicious | 140.82.121.4
Statement_0219.js | malicious | 140.82.121.4
MzRn1YNrbz.exe | malicious | 140.82.121.3
Request For Quotation.js | malicious | 140.82.121.4
Request For Quotation.js | malicious | 140.82.121.4
PAYMENT_RECEIPT_INV8938464944.jar | malicious | 140.82.121.4
Request For Quotation.js | malicious | 140.82.121.4
Request For Quotation.js | malicious | 140.82.121.4
Invoice_VC85262241.xll | malicious | 140.82.121.4
Machine Info.jar | malicious | 140.82.121.4
00987900.html | malicious | 140.82.121.3
Match: d2935c58fe676744fecc8614ee5356c7
Associated Sample Name / URL | Detection | Context
Electronic receipt #1752022-7992.js | malicious | 140.82.121.5
Bank Paper pdf.js | malicious | 140.82.121.5
Elecronic receipt #8002-NWA-160592.js | malicious | 140.82.121.5
Statement_0219.js | malicious | 140.82.121.5
Statement_0219.js | malicious | 140.82.121.5
Request For Quotation.js | malicious | 140.82.121.5
Request For Quotation.js | malicious | 140.82.121.5
PAYMENT_RECEIPT_INV8938464944.jar | malicious | 140.82.121.5
                                                                                                                                                                    Request For Quotation.jsGet hashmaliciousBrowse
                                                                                                                                                                    • 140.82.121.5
                                                                                                                                                                    Request For Quotation.jsGet hashmaliciousBrowse
                                                                                                                                                                    • 140.82.121.5
                                                                                                                                                                    proof of payment.jsGet hashmaliciousBrowse
                                                                                                                                                                    • 140.82.121.5
                                                                                                                                                                    proof of payment.jsGet hashmaliciousBrowse
                                                                                                                                                                    • 140.82.121.5
                                                                                                                                                                    strrat_deob.jarGet hashmaliciousBrowse
                                                                                                                                                                    • 140.82.121.5
                                                                                                                                                                    strrat_deob.jarGet hashmaliciousBrowse
                                                                                                                                                                    • 140.82.121.5
                                                                                                                                                                    EssiplusSignerInstaller.exeGet hashmaliciousBrowse
                                                                                                                                                                    • 140.82.121.5
                                                                                                                                                                    Statement_10619_from_eRev_Inc.jarGet hashmaliciousBrowse
                                                                                                                                                                    • 140.82.121.5
                                                                                                                                                                    Statement_10619_from_eRev_Inc.jarGet hashmaliciousBrowse
                                                                                                                                                                    • 140.82.121.5
                                                                                                                                                                    FILE20220041930221SWIFT.jarGet hashmaliciousBrowse
                                                                                                                                                                    • 140.82.121.5
                                                                                                                                                                    FILE20220041930221SWIFT.jarGet hashmaliciousBrowse
                                                                                                                                                                    • 140.82.121.5
                                                                                                                                                                    Purchase Order NO_0779890-2022 pdf.jsGet hashmaliciousBrowse
                                                                                                                                                                    • 140.82.121.5
                                                                                                                                                                    No context
Process: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 57
Entropy (8bit): 4.827903829688524
Encrypted: false
SSDEEP: 3:oFj4I5vpN6yUcXR:oJ5X6yrR
MD5: 9807D9BB8842C220C57C4431929E7786
SHA1: 493505806DA9425ECB568E4B1347A5EEA2DB7120
SHA-256: BBD5E4CB1EC712EB8011AC4CCBFE733C228F89D6B0D6E4DE024A7AE6A089A2E4
SHA-512: 3149DA5FE1CB406F6594D44880A3B51A7369CE9F0B40FC63C8C3F8C0D8DBE27871F2076927CF136178ED5DFB20C1D8478703696D948CD4C3A81981FC43C229FF
Malicious: false
Reputation: low
Preview: C:\Program Files (x86)\Java\jre1.8.0_211..1653171985865..
The preview renders each CRLF as "..", so the file is exactly two lines (40 + 2 + 13 + 2 = 57 bytes): the home directory of the JRE that wrote it, and the 13-digit number 1653171985865, which decodes as the millisecond Unix timestamp 2022-05-21 22:26:25.865 UTC (reading it as Java's System.currentTimeMillis() is an inference from the writing process, not something the report states).
Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
File Type: Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x492, 9 symbols
Category: dropped
Size (bytes): 1336
Entropy (8bit): 4.035709788527701
Encrypted: false
SSDEEP: 24:H1Mm9BgqUKt4UhHyhK8qQfII+ycuZhNT2akSinPNnq9Sd:VYqUooK8qQg1ulya32q9C
MD5: A148D6FDA96214F9B2EA33605BEACD70
SHA1: A04452E476E0270764374B2C8FDEC34AF6827E2B
SHA-256: 8D466C2AA799B8354A195746959BCEBF16535E00EB166D992B6AD5367D88656A
SHA-512: 345B16B5228779D5BD53DEC5A9DFA411A95C01917A23F68E4ECDA00E6525057E6D7ABF869688A2D25895FAFEEA92F8CE26987A30F6616B7B75BBA2390BFD5AF3
Malicious: false
Reputation: low
Preview: L...4g.b.............debug$S........T...................@..B.rsrc$01........X.......8...........@..@.rsrc$02........P...B...............@..@........T....c:\Users\user\AppData\Local\Temp\yg5wq3iq\CSC2B87B97A30754CA98C52C2EC748AF94C.TMP....................83-.IG.8...........4.......C:\Users\user\AppData\Local\Temp\RES3439.tmp.-.<...................'...Microsoft (R) CVTRES.d.=..cwd.C:\Program Files (x86)\AutoIt3.exe.C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe...............................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...y.g.5.w.q.3.i.q...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.
This is the resource object cvtres.exe produces while csc.exe builds yg5wq3iq.dll: the debug section embeds its input (CSC2B87B97A30754CA98C52C2EC748AF94C.TMP in the same yg5wq3iq temp directory) and output (RES3439.tmp in %TEMP%), and the VS_VERSION_INFO block already carries the random InternalName yg5wq3iq.dll.
Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: very short file (no magic)
Category: dropped
Size (bytes): 1
Entropy (8bit): 0.0
Encrypted: false
SSDEEP: 3:U:U
MD5: C4CA4238A0B923820DCC509A6F75849B
SHA1: 356A192B7913B04C54574D18C28D46E6395428AB
SHA-256: 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512: 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious: false
Preview: 1
Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: very short file (no magic)
Category: dropped
Size (bytes): 1
Entropy (8bit): 0.0
Encrypted: false
SSDEEP: 3:U:U
MD5: C4CA4238A0B923820DCC509A6F75849B
SHA1: 356A192B7913B04C54574D18C28D46E6395428AB
SHA-256: 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512: 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious: false
Preview: 1
Both 1-byte files written by powershell.exe have identical digests, which are the well-known hashes of the single ASCII character "1" (the preview shows it verbatim); they are a flag or counter value, not payload, and the hashes are worthless as indicators.
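The two 1-byte files and the 57-byte marker file written by java.exe are the only dropped files whose full content the preview recovers, so their digests can be checked offline without the sample. The script below is an added example for this page, not Joe Sandbox output: it parses the report's Key:value record lines (copied here with only the fields the check uses), rebuilds the bytes (reading each ".." in a file the report types as CRLF text as one line terminator, which is the editor's assumption), compares size and hashes with what the report states, and decodes the 13-digit number in the marker file as a millisecond Unix timestamp.

```python
"""Recompute the digests of the dropped files this report fully discloses.

Added example for this page; not part of the Joe Sandbox report. The record
text is copied from the report; the CRLF reconstruction is the editor's reading.
"""
import hashlib
from datetime import datetime, timedelta, timezone

# Records copied from the report, trimmed to the fields used here (constructed input).
RECORD_MARKER = """\
File Type:ASCII text, with CRLF line terminators
Size (bytes):57
MD5:9807D9BB8842C220C57C4431929E7786
SHA1:493505806DA9425ECB568E4B1347A5EEA2DB7120
SHA-256:BBD5E4CB1EC712EB8011AC4CCBFE733C228F89D6B0D6E4DE024A7AE6A089A2E4
Preview:C:\\Program Files (x86)\\Java\\jre1.8.0_211..1653171985865..
"""

RECORD_ONE = """\
File Type:very short file (no magic)
Size (bytes):1
MD5:C4CA4238A0B923820DCC509A6F75849B
SHA1:356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
Preview:1
"""


def parse_record(text: str) -> dict:
    """Joe Sandbox renders each dropped-file field as 'Key:value' on its own line.
    Only the first colon separates key from value, so Windows paths survive."""
    fields = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields


def reconstruct_bytes(fields: dict) -> bytes:
    """Undo the preview rendering. Non-printable bytes are shown as '.', so for a
    file the report types as CRLF text every '..' is one b'\\r\\n' (assumption:
    the text itself contains no literal '..'; the size check below catches that)."""
    preview = fields["Preview"]
    if "CRLF" in fields["File Type"]:
        preview = preview.replace("..", "\r\n")
    return preview.encode("ascii")


def verify(fields: dict) -> dict:
    """Compare size and digests of the rebuilt bytes against the report's record."""
    data = reconstruct_bytes(fields)
    return {
        "size_ok": len(data) == int(fields["Size (bytes)"]),
        "md5_ok": hashlib.md5(data).hexdigest().upper() == fields["MD5"],
        "sha1_ok": hashlib.sha1(data).hexdigest().upper() == fields["SHA1"],
        "sha256_ok": hashlib.sha256(data).hexdigest().upper() == fields["SHA-256"],
    }


def marker_timestamp(fields: dict) -> datetime:
    """Second line of the marker file is 13 digits: milliseconds since the Unix
    epoch (the range Java's System.currentTimeMillis() produces). Integer
    arithmetic keeps the millisecond exact."""
    millis = int(reconstruct_bytes(fields).split(b"\r\n")[1])
    return datetime(1970, 1, 1, tzinfo=timezone.utc) + timedelta(milliseconds=millis)


if __name__ == "__main__":
    for label, text in (("marker", RECORD_MARKER), ("one-byte", RECORD_ONE)):
        print(label, verify(parse_record(text)))
    print("marker written at", marker_timestamp(parse_record(RECORD_MARKER)).isoformat())
```

If any field comes back False the reconstruction (or the report's transcription) is wrong; for the one-byte file every field must match, because its digests are simply those of the string "1".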
Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
File Type: MSVC .res
Category: dropped
Size (bytes): 652
Entropy (8bit): 3.1169929164642958
Encrypted: false
SSDEEP: 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryp2ak7YnqqinPN5Dlq5J:+RI+ycuZhNT2akSinPNnqX
MD5: B39EEAD6B4F938332DE8B04947C738F3
SHA1: 90A646BC64B528E813FE96BCC908929413A07C1C
SHA-256: 7A7446DA5CD69D0CCD3821D00C9BBA87BFB8E9C3A49373B55BA305088245F045
SHA-512: 1DC0FB3B8E46EEEEEA305B0C2EA51CD5BF4ED5D1F8A77B946F33B9A59FA73193D45B91A1CEFF9EDA981A659735A4BF3E49505B72495A90600E00EAC95BF968B0
Malicious: false
Preview: .... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...y.g.5.w.q.3.i.q...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...y.g.5.w.q.3.i.q...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...
Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: UTF-8 Unicode (with BOM) text
Category: dropped
Size (bytes): 526
Entropy (8bit): 5.028337668210565
Encrypted: false
SSDEEP: 12:V/DTLDCcCUDMhFV8FkrWedKJyyepmLyJuMFoqxGMRyuMlPxAwZ:JjCUQhFVIkr7dKcoMbg3pSa
MD5: 19CF785FBC390F5627236A4B664E3467
SHA1: 917D102DA7222D6A0477F3932C1D9014601CA71C
SHA-256: 35D145E5758625B5CCE58AAC031766C6816C0971DD8A0F4240E7A791DBEC24B3
SHA-512: C069FD68DB3B30C18612E21052E94FA48DBA7F8F624E513FCB938D79E7722A38CAB5C2F2DD5D309F01F14C2565EBFBFC4D0EA6A3A078B0DC685B6BBEC77DD649
Malicious: false
Preview (the preview shows the BOM and each newline as "."; expanded here, indentation added):
using System;
using System.Runtime.InteropServices;
public class Dir {
    [DllImport("shell32.dll")]
    private static extern int SHGetKnownFolderPath([MarshalAs(UnmanagedType.LPStruct)] Guid rfid, uint dwFlags, IntPtr hToken, out IntPtr pszPath);
    public static string GetKnownFolderPath(string rfid) {
        IntPtr pszPath;
        if (SHGetKnownFolderPath(new Guid(rfid), 0, IntPtr.Zero, out pszPath) != 0) return "";
        string path = Marshal.PtrToStringUni(pszPath);
        Marshal.FreeCoTaskMem(pszPath);
        return path;
    }
}
This is the C# source PowerShell wrote to disk for csc.exe to compile: a P/Invoke wrapper around SHGetKnownFolderPath that resolves a KNOWNFOLDERID GUID to a path. Which GUID the script passes is not in the dropped file; it comes from the (encoded) PowerShell command line.
Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 369
Entropy (8bit): 5.296830160656425
Encrypted: false
SSDEEP: 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2WXp+N23fXHotzxs7+AEszIWXp+N23fXHoI:p37Lvkmb6KH/EWZE8/B
MD5: A1A9DB7428D587F2C624ED03C7526E1A
SHA1: F23D229D9DB29099AA3ADB9A163644B705650650
SHA-256: 98E03380BE01F3EC152A6185C7A96685E408117C354CEF2D88A3E3F8D1629301
SHA-512: 3925E745B41D2E7AE23DFEE4A66995317F2325300F01EBC62E0EDD5D07931D0CB165B7D0AA4FE4A7F3E5F938E2788553C54FC047042EF748A39FB378DA8956F6
Malicious: false
Preview (leading "." is the BOM): /t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\yg5wq3iq\yg5wq3iq.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\yg5wq3iq\yg5wq3iq.0.cs"
This is the csc.exe response file (CodeDom names it <name>.cmdline and starts the compiler with /noconfig /fullpaths @"<path>\<name>.cmdline"): it compiles the yg5wq3iq.0.cs source above into the library yg5wq3iq.dll and references System.Management.Automation.dll so the type can be loaded back into the PowerShell runspace. That combination is what PowerShell's Add-Type produces.
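The response file above explains the rest of the yg5wq3iq artifacts in this list, and the same shape recurs whenever a script uses Add-Type. The following is an added example, not a Joe Sandbox signature: it parses the response file and applies the editor's own rule for recognising an Add-Type compile (library target, output DLL named after an 8-character directory under Temp, source file <name>.0.cs beside it, reference to System.Management.Automation.dll), then lists the sibling files an analyst should expect once the directory name is known.

```python
"""Recognise a PowerShell Add-Type compile from a recovered csc.exe response file.

Added example for this page, not a Joe Sandbox signature: the tokenizer, the
temp-directory pattern and the verdict rule are the editor's own.
"""
import re

# The 369-byte dropped file from the report, BOM removed (constructed copy).
CSC_RESPONSE_FILE = (
    '/t:library /utf8output /R:"System.dll" '
    '/R:"C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Management.Automation\\'
    'v4.0_3.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" '
    '/R:"System.Core.dll" /out:"C:\\Users\\user\\AppData\\Local\\Temp\\yg5wq3iq\\yg5wq3iq.dll" '
    '/debug- /optimize+ /warnaserror /optimize+ '
    '"C:\\Users\\user\\AppData\\Local\\Temp\\yg5wq3iq\\yg5wq3iq.0.cs"'
)

# Add-Type (through CodeDom) writes everything into %TEMP%\<8 alphanumerics>\
# and names the output DLL after that directory.
ADD_TYPE_OUT_RE = re.compile(r"\\temp\\(?P<name>[a-z0-9]{8})\\(?P=name)\.dll$", re.I)


def tokenize(cmdline: str) -> list:
    """Split on whitespace outside double quotes; the quotes themselves are
    dropped, so /R:"System.dll" becomes the single token /R:System.dll."""
    tokens, cur, in_quotes = [], [], False
    for ch in cmdline:
        if ch == '"':
            in_quotes = not in_quotes
        elif ch.isspace() and not in_quotes:
            if cur:
                tokens.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        tokens.append("".join(cur))
    return tokens


def parse_csc_args(cmdline: str) -> dict:
    """Pull target, output path, references, switches and source files out of a csc command line."""
    info = {"target": None, "out": None, "references": [], "switches": [], "sources": []}
    for tok in tokenize(cmdline):
        low = tok.lower()
        if low.startswith(("/t:", "/target:")):
            info["target"] = tok.split(":", 1)[1]
        elif low.startswith("/out:"):
            info["out"] = tok.split(":", 1)[1]
        elif low.startswith(("/r:", "/reference:")):
            info["references"].append(tok.split(":", 1)[1])
        elif tok.startswith("/"):
            info["switches"].append(tok)
        else:
            info["sources"].append(tok)
    return info


def classify_add_type(info: dict) -> dict:
    """Indicators that a csc invocation is PowerShell's Add-Type rather than a build."""
    m = ADD_TYPE_OUT_RE.search(info["out"] or "")
    name = m.group("name").lower() if m else None
    # A reference to System.Management.Automation.dll only makes sense when the
    # compiled type is going to be loaded back into a PowerShell runspace.
    refs_ps = any(r.lower().endswith("system.management.automation.dll") for r in info["references"])
    src_ok = name is not None and any(
        s.lower().endswith(f"\\{name}\\{name}.0.cs") for s in info["sources"])
    return {
        "temp_dir_name": name,
        "references_powershell_runtime": refs_ps,
        "source_in_same_temp_dir": src_ok,
        "is_add_type": name is not None and refs_ps and src_ok and info["target"] == "library",
    }


def expected_artifacts(name: str) -> list:
    """Sibling files to look for once the directory name is known. .0.cs and .dll
    appear in this report; .cmdline is the response file csc is started with;
    cvtres.exe adds CSC<hex>.TMP in the same directory and RES<hex>.tmp in %TEMP%."""
    return [f"{name}.cmdline", f"{name}.0.cs", f"{name}.dll", f"{name}\\CSC*.TMP", "RES*.tmp"]


if __name__ == "__main__":
    parsed = parse_csc_args(CSC_RESPONSE_FILE)
    verdict = classify_add_type(parsed)
    print(verdict)
    if verdict["is_add_type"]:
        print("look for:", expected_artifacts(verdict["temp_dir_name"]))
```

Two caveats for using this in detection: Add-Type is also common in legitimate administration scripts, so the verdict is a pivot, not a conviction; here the interesting part is the parent chain (java.exe launching an encoded PowerShell command that compiles code). And the hash of the resulting DLL is not a reusable indicator: the random directory name is baked into the version resource as InternalName and OriginalFilename (visible in the .res and COFF previews above), so every run yields a different yg5wq3iq-style name and a different digest. Hash the .0.cs source instead; its content is stable across runs.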
Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
File Type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category: dropped
Size (bytes): 3584
Entropy (8bit): 2.963448374201066
Encrypted: false
SSDEEP: 24:etGSq8Jm042x/g0P2r7qsIpkjVWtkZfUhuvtDBWI+ycuZhNT2akSinPNnq:6r/p/g0+r7nIKjXJUh8k1ulya32q
MD5: 4ADB51274F834A8289CDF76649556F88
SHA1: 7F94C451FBF6400E2FBE945F2EECD55194CB4A91
SHA-256: 6DB454846F2DB38AD9D73774B344A6BAEAC88E8278177621D3BFD55EB6D59E07
SHA-512: 630E04AE66DC8BED89C97757595AFCE6BA048FE451C2B34F0BE2B145371F148AF8CEE1D6CD157412C034E05B49E86FB8A8393F1A94D34E2AED21DC585BD1D9A8
Malicious: false
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...2g.b...........!.................$... ...@....... ....................................@..................................$..K....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................$......H........ ...............................................................0..*........s.....~......(....,.r...p*.(......(.....*..(....*..BSJB............v4.0.30319......l...|...#~..........#Strings....p.......#US.t.......#GUID.......l...#Blob...........G5........%3....................................................................+.$...2.$.....j.....j.....j...............5.j...T.$...`.j.................................... 7.....P ......L...... ......_...... ..e...............
                                                                                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                    File Type:UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators
                                                                                                                                                                    Category:modified
                                                                                                                                                                    Size (bytes):875
                                                                                                                                                                    Entropy (8bit):5.364905368698609
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:24:T8qd3ka6KHdE8MKaM5DqBVKVrdFAMBJTH:T8ika6AdE8MKxDcVKdBJj
                                                                                                                                                                    MD5:9346179170AF140C124537A812D09A66
                                                                                                                                                                    SHA1:3E9AEF263FEF3CAA9207A53A56E17DAD16002CA6
                                                                                                                                                                    SHA-256:56CEFFE748EB3F758B2BAB9BE29C95F30192C7154ED976EE7BCC25CEBA1BD95E
                                                                                                                                                                    SHA-512:72A6EBA1D1A4A5C5A8F9A7CCB30A42D8BC8EBDFA94972AA38ADBB1CAC14E0B06AEAC7851C581DC453B98F9C632F4A7531436562052837A3B7CF32154ECEA41D3
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:.C:\Program Files (x86)\AutoIt3> "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\yg5wq3iq\yg5wq3iq.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\yg5wq3iq\yg5wq3iq.0.cs"......Microsoft (R) Visual C# Compiler version 4.7.3056.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....
                                                                                                                                                                    Process:C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe
                                                                                                                                                                    File Type:data
                                                                                                                                                                    Category:dropped
                                                                                                                                                                    Size (bytes):45
                                                                                                                                                                    Entropy (8bit):0.9111711733157262
                                                                                                                                                                    Encrypted:false
                                                                                                                                                                    SSDEEP:3:/lwlt7n:WNn
                                                                                                                                                                    MD5:C8366AE350E7019AEFC9D1E6E6A498C6
                                                                                                                                                                    SHA1:5731D8A3E6568A5F2DFBBC87E3DB9637DF280B61
                                                                                                                                                                    SHA-256:11E6ACA8E682C046C83B721EEB5C72C5EF03CB5936C60DF6F4993511DDC61238
                                                                                                                                                                    SHA-512:33C980D5A638BFC791DE291EBF4B6D263B384247AB27F261A54025108F2F85374B579A026E545F81395736DD40FA4696F2163CA17640DD47F1C42BC9971B18CD
                                                                                                                                                                    Malicious:false
                                                                                                                                                                    Preview:........................................J2SE.
                                                                                                                                                                    File type:Zip archive data, at least v2.0 to extract
                                                                                                                                                                    Entropy (8bit):7.981311953832744
                                                                                                                                                                    TrID:
                                                                                                                                                                    • Java Archive (13504/1) 62.80%
                                                                                                                                                                    • ZIP compressed archive (8000/1) 37.20%
                                                                                                                                                                    File name:#U6837#U672c.jar
                                                                                                                                                                    File size:39147646
                                                                                                                                                                    MD5:8a5f40cbc394e138255c6d1a775d6a26
                                                                                                                                                                    SHA1:dc53deaa3b02534cead9e371010e00f91e229b50
                                                                                                                                                                    SHA256:6b96b0e9285822fb15c20d61ac65c9ba6028f423d5aaf7ebd4fa9fa9a435b838
                                                                                                                                                                    SHA512:7b8ef2bde2424c9590dd010a55b6030a934ebd1e680f36d173edfb16f8202ad48319a160290ad95f56cc44b9765eb875291594d9cee259558a30b78879990d51
                                                                                                                                                                    SSDEEP:786432:961qso+SsvZmE1oUEvkHPnWMK54+S64GCdXY1vJbaFwm/06P:961qdAvZnaUgcxK5IfdX+vJbiwm/00
                                                                                                                                                                    TLSH:A9872277A0CC1435EE77D132C4866827792D87E8E04B306A39F45797A9B7C8D87133AA
                                                                                                                                                                    File Content Preview:PK........3/AT3^..............META-INF/MANIFEST.MF}..j.0.D....~@jK)....K....."..%...d..}-.....h.......}...'$...z0.e.rN...X....Lf'....w.{.`..).!l.L....B-R..........4......l.......,...y............,5f......F6.z...3..3.d....86A.Ky=...Ww..=l....G@.N.O..i.....
                                                                                                                                                                    Icon Hash:d28c8e8ea2868ad6
Timestamp | Source Port | Dest Port | Source IP | Dest IP
May 21, 2022 15:27:05.963943005 CEST | 49753 | 443 | 192.168.2.3 | 140.82.121.5
May 21, 2022 15:27:05.964004993 CEST | 443 | 49753 | 140.82.121.5 | 192.168.2.3
May 21, 2022 15:27:05.964145899 CEST | 49753 | 443 | 192.168.2.3 | 140.82.121.5
May 21, 2022 15:27:06.391479969 CEST | 49753 | 443 | 192.168.2.3 | 140.82.121.5
May 21, 2022 15:27:06.391537905 CEST | 443 | 49753 | 140.82.121.5 | 192.168.2.3
May 21, 2022 15:27:06.441927910 CEST | 443 | 49753 | 140.82.121.5 | 192.168.2.3
May 21, 2022 15:27:06.442137003 CEST | 49753 | 443 | 192.168.2.3 | 140.82.121.5
May 21, 2022 15:27:06.604085922 CEST | 49753 | 443 | 192.168.2.3 | 140.82.121.5
May 21, 2022 15:27:06.604150057 CEST | 443 | 49753 | 140.82.121.5 | 192.168.2.3
May 21, 2022 15:27:06.604674101 CEST | 443 | 49753 | 140.82.121.5 | 192.168.2.3
May 21, 2022 15:27:06.604759932 CEST | 49753 | 443 | 192.168.2.3 | 140.82.121.5
May 21, 2022 15:27:06.605456114 CEST | 49753 | 443 | 192.168.2.3 | 140.82.121.5
May 21, 2022 15:27:06.605485916 CEST | 443 | 49753 | 140.82.121.5 | 192.168.2.3

Timestamp | Source Port | Dest Port | Source IP | Dest IP
May 21, 2022 15:27:05.919822931 CEST | 57421 | 53 | 192.168.2.3 | 8.8.8.8
May 21, 2022 15:27:05.940073967 CEST | 53 | 57421 | 8.8.8.8 | 192.168.2.3

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
May 21, 2022 15:27:05.919822931 CEST | 192.168.2.3 | 8.8.8.8 | 0xe8c0 | Standard query (0) | api.github.com | A (IP address) | IN (0x0001)

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
May 21, 2022 15:27:05.940073967 CEST | 8.8.8.8 | 192.168.2.3 | 0xe8c0 | No error (0) | api.github.com | | 140.82.121.5 | A (IP address) | IN (0x0001)

Target ID: 0
Start time: 15:26:22
Start date: 21/05/2022
Path: C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit): true
Commandline: C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\#U6837#U672c.jar"" >> C:\cmdlinestart.log 2>&1
Imagebase: 0xc20000
File size: 232960 bytes
MD5 hash: F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

Target ID: 1
Start time: 15:26:23
Start date: 21/05/2022
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7c9170000
File size: 625664 bytes
MD5 hash: EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

Target ID: 2
Start time: 15:26:23
Start date: 21/05/2022
Path: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe
Wow64 process (32bit): true
Commandline: "C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\#U6837#U672c.jar"
Imagebase: 0x1200000
File size: 192376 bytes
MD5 hash: 28733BA8C383E865338638DF5196E6FE
Has elevated privileges: true
Has administrator privileges: true
Programmed in: Java
Reputation: high

Target ID: 3
Start time: 15:26:26
Start date: 21/05/2022
Path: C:\Windows\SysWOW64\icacls.exe
Wow64 process (32bit): true
Commandline: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Imagebase: 0xbc0000
File size: 29696 bytes
MD5 hash: FF0D1D4317A44C951240FAE75075D501
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

Target ID: 4
Start time: 15:26:26
Start date: 21/05/2022
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7c9170000
File size: 625664 bytes
MD5 hash: EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

Target ID: 6
Start time: 15:26:28
Start date: 21/05/2022
Path: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit): true
Commandline: powershell.exe -EncodedCommand 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
Imagebase: 0x890000
File size: 430592 bytes
MD5 hash: DBA3E6449E97D4E3DF64527EF7012A10
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET
Reputation: high

Target ID: 8
Start time: 15:26:29
Start date: 21/05/2022
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7c9170000
File size: 625664 bytes
MD5 hash: EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

Target ID: 19
Start time: 15:26:55
Start date: 21/05/2022
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                    Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\yg5wq3iq\yg5wq3iq.cmdline
                                                                                                                                                                    Imagebase:0xdd0000
                                                                                                                                                                    File size:2170976 bytes
                                                                                                                                                                    MD5 hash:350C52F71BDED7B99668585C15D70EEA
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:.Net C# or VB.NET
                                                                                                                                                                    Reputation:moderate

                                                                                                                                                                    Target ID:20
                                                                                                                                                                    Start time:15:26:59
                                                                                                                                                                    Start date:21/05/2022
                                                                                                                                                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                    Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES3439.tmp" "c:\Users\user\AppData\Local\Temp\yg5wq3iq\CSC2B87B97A30754CA98C52C2EC748AF94C.TMP"
                                                                                                                                                                    Imagebase:0x140000
                                                                                                                                                                    File size:43176 bytes
                                                                                                                                                                    MD5 hash:C09985AE74F0882F208D75DE27770DFA
                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                    Reputation:moderate

APIs
Memory Dump Source
• Source File: 00000002.00000002.514667337.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2850000_java.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000002.00000002.514682291.0000000002852000.00000040.00000800.00020000.00000000.sdmp, Offset: 02852000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2852000_java.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000002.00000002.514682291.0000000002852000.00000040.00000800.00020000.00000000.sdmp, Offset: 02852000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2852000_java.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000002.00000002.514682291.0000000002852000.00000040.00000800.00020000.00000000.sdmp, Offset: 02852000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2852000_java.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000002.00000002.514682291.0000000002852000.00000040.00000800.00020000.00000000.sdmp, Offset: 02852000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2852000_java.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000002.00000002.514682291.0000000002852000.00000040.00000800.00020000.00000000.sdmp, Offset: 02852000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2852000_java.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000002.00000002.514682291.0000000002852000.00000040.00000800.00020000.00000000.sdmp, Offset: 02852000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2852000_java.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000002.00000002.514682291.0000000002852000.00000040.00000800.00020000.00000000.sdmp, Offset: 02852000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2852000_java.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000002.00000002.514682291.0000000002852000.00000040.00000800.00020000.00000000.sdmp, Offset: 02852000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2852000_java.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                                      • Opcode ID: f6fd4e96af1346d4004dec79b1f648319b246c3e7ed6dd6e864f4b868178f30d
                                                                                                                                                                      • Instruction ID: 25b0e514c978d72b1c164bb2e707e912c4b8c2c02836564bf86fb241b81659b1
                                                                                                                                                                      • Opcode Fuzzy Hash: f6fd4e96af1346d4004dec79b1f648319b246c3e7ed6dd6e864f4b868178f30d
                                                                                                                                                                      • Instruction Fuzzy Hash: ECF092B5900B06ABDB05CF60C5947DAFBB4BB88714F15421AD82867340D779B565CBC0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000002.00000002.514682291.0000000002852000.00000040.00000800.00020000.00000000.sdmp, Offset: 02852000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_2_2_2852000_java.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: c27735e0e7dc02d418f1c0b27b214a4f9b2e7ca76cf60c61b9686075333f1beb
                                                                                                                                                                      • Instruction ID: 1e15e4176903025ff790fc0ec93f0842102094de8db8aa56f24860ebed79d409
                                                                                                                                                                      • Opcode Fuzzy Hash: c27735e0e7dc02d418f1c0b27b214a4f9b2e7ca76cf60c61b9686075333f1beb
                                                                                                                                                                      • Instruction Fuzzy Hash: 9EF092B9910B06ABDB05CF64C4947CAFBF4BB48714F15421AD82867340D3797569CBC0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000002.00000002.514682291.0000000002852000.00000040.00000800.00020000.00000000.sdmp, Offset: 02852000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_2_2_2852000_java.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: d45fece02454e8345b9dbbe99301d4c1425c848bdca17c6dc3c80e5ea8529acc
                                                                                                                                                                      • Instruction ID: 7b6af2e3c3c9e595884b03d0309a0e15c0f3170a475b45410408e6864eed62d7
                                                                                                                                                                      • Opcode Fuzzy Hash: d45fece02454e8345b9dbbe99301d4c1425c848bdca17c6dc3c80e5ea8529acc
                                                                                                                                                                      • Instruction Fuzzy Hash: 99F0C2B6D00B06ABDB058F64C0947CAFBB4BB48724F15461AD82867300D3787665CBC0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000002.00000002.514682291.0000000002852000.00000040.00000800.00020000.00000000.sdmp, Offset: 02852000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_2_2_2852000_java.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 29d9c4fde7e48ce20126dc74f69a3245a72b7686183f3e01221375de94c9a6cc
                                                                                                                                                                      • Instruction ID: 7a8c06144b7637e6ff8752dbab8287655abae06e61e4238bb186bf553c07fa74
                                                                                                                                                                      • Opcode Fuzzy Hash: 29d9c4fde7e48ce20126dc74f69a3245a72b7686183f3e01221375de94c9a6cc
                                                                                                                                                                      • Instruction Fuzzy Hash: 85F0C2B6D00B06ABDB048F64C0947CAFBB4BB48724F15461AD82867300D3787665CFC0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000002.00000002.514682291.0000000002852000.00000040.00000800.00020000.00000000.sdmp, Offset: 02852000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_2_2_2852000_java.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: b9a91f4228aaa5bbc006f87e6b2f547aa31caede9bbdcb12a2cf0e5df2f49f69
                                                                                                                                                                      • Instruction ID: cc822dd67f6ba5f7010860e98be941715eff61b56413bda8167a9d6a9822b093
                                                                                                                                                                      • Opcode Fuzzy Hash: b9a91f4228aaa5bbc006f87e6b2f547aa31caede9bbdcb12a2cf0e5df2f49f69
                                                                                                                                                                      • Instruction Fuzzy Hash: 34F0C2B6D00B06ABDB458F60C0947CAFBB4BB48724F15461AD82867300D7787665CBC0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000002.00000002.514682291.0000000002852000.00000040.00000800.00020000.00000000.sdmp, Offset: 02852000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_2_2_2852000_java.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 5881d39ca5885d10aa223babd9bd547d6570c090d0a534144a8962d08ad4cbff
                                                                                                                                                                      • Instruction ID: 1b4111ab5bcd2051ac2a043432c52b92d5ade9b92b0b003227027903080d1b31
                                                                                                                                                                      • Opcode Fuzzy Hash: 5881d39ca5885d10aa223babd9bd547d6570c090d0a534144a8962d08ad4cbff
                                                                                                                                                                      • Instruction Fuzzy Hash: 09F0C2B6D00B06ABDB058F64C0947DAFBB4BB48724F154A1AD82863300D3787665CBC0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000002.00000002.514682291.0000000002852000.00000040.00000800.00020000.00000000.sdmp, Offset: 02852000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_2_2_2852000_java.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 83806ae4896938ef2dc51528e48e7ef075eeb91c28766772907ac50c1ab8c9ac
                                                                                                                                                                      • Instruction ID: 09417f8d3436ca85b31dc06322f4112453e215b6b4f1dbf93443d19fd7d22faf
                                                                                                                                                                      • Opcode Fuzzy Hash: 83806ae4896938ef2dc51528e48e7ef075eeb91c28766772907ac50c1ab8c9ac
                                                                                                                                                                      • Instruction Fuzzy Hash: 0CF0C2B6D00B06ABDB058F64C1947CAFBB4BB48724F15461AD82863340D378B665CBC0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000002.00000002.514682291.0000000002852000.00000040.00000800.00020000.00000000.sdmp, Offset: 02852000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_2_2_2852000_java.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: b9a91f4228aaa5bbc006f87e6b2f547aa31caede9bbdcb12a2cf0e5df2f49f69
                                                                                                                                                                      • Instruction ID: cc822dd67f6ba5f7010860e98be941715eff61b56413bda8167a9d6a9822b093
                                                                                                                                                                      • Opcode Fuzzy Hash: b9a91f4228aaa5bbc006f87e6b2f547aa31caede9bbdcb12a2cf0e5df2f49f69
                                                                                                                                                                      • Instruction Fuzzy Hash: 34F0C2B6D00B06ABDB458F60C0947CAFBB4BB48724F15461AD82867300D7787665CBC0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000002.00000002.514682291.0000000002852000.00000040.00000800.00020000.00000000.sdmp, Offset: 02852000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_2_2_2852000_java.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 27667f907c4615159499360432c071534421ce8494c20f85601cbdaf6041c211
                                                                                                                                                                      • Instruction ID: f93cfa79dd9ba787a3a3bb32d08104b4d069340d844b3800ecf0f0fd49a3f831
                                                                                                                                                                      • Opcode Fuzzy Hash: 27667f907c4615159499360432c071534421ce8494c20f85601cbdaf6041c211
                                                                                                                                                                      • Instruction Fuzzy Hash: 3FF0C2B6D10B06ABDB04CF64C0947CAFBB4BB48724F15461AD82867300D3787665CBC0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000002.00000002.514682291.0000000002852000.00000040.00000800.00020000.00000000.sdmp, Offset: 02852000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_2_2_2852000_java.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: f2270d60270d5215b0906a6373bf98d835dc6aae7a7bfb5acbe5471c0653078d
                                                                                                                                                                      • Instruction ID: dc6c7505d9e9972ab42081b8399881527f1e05f8dbfbbdb71cf4308b77eac2d5
                                                                                                                                                                      • Opcode Fuzzy Hash: f2270d60270d5215b0906a6373bf98d835dc6aae7a7bfb5acbe5471c0653078d
                                                                                                                                                                      • Instruction Fuzzy Hash: 37F0C2B6D00B06ABDB048F64C4947CAFBB4BB48724F15461AD82863300D3787665CBD0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000002.00000002.514682291.0000000002852000.00000040.00000800.00020000.00000000.sdmp, Offset: 02852000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_2_2_2852000_java.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
• API String ID:
• Opcode ID: 4b73f5278d4d7a492e9d04c94b2c67b8554be584f3e0326b4f3455b02faaad6a
• Instruction ID: 37298c7a5c7cb1e4a50d2b4d48b18ccb3ba594223ba6c437001cc24ab4d72f58
• Opcode Fuzzy Hash: 4b73f5278d4d7a492e9d04c94b2c67b8554be584f3e0326b4f3455b02faaad6a
• Instruction Fuzzy Hash: 38F0C2B5D00A06ABDB04CF64C19479AF7F0BB48718F15421AD82863300D378B565CBC0
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000002.00000002.514682291.0000000002852000.00000040.00000800.00020000.00000000.sdmp, Offset: 02852000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2852000_java.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d2f757f56b56ae10c082c02ae97b3c83b61608dce336a01f0c718316c552156f
• Instruction ID: 264c56b9e52ff388c42c95f62c5845b2b03c11f388fd952b6f7307cd081cf00b
• Opcode Fuzzy Hash: d2f757f56b56ae10c082c02ae97b3c83b61608dce336a01f0c718316c552156f
• Instruction Fuzzy Hash: 95D0EABDC0422E9BDF049B8084A57AEBB71AB48315F258589CC51B3340E77929558AA1
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000002.00000002.514667337.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2850000_java.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a012a9fb5cf5d9e1554885d89a3030425dd9bcc3e3bcfa4e280c99466c7885fc
• Instruction ID: 7b5ac8578a8d8b5394773cf26f366d13679f9333e2bac44cfbc7365108908017
• Opcode Fuzzy Hash: a012a9fb5cf5d9e1554885d89a3030425dd9bcc3e3bcfa4e280c99466c7885fc
• Instruction Fuzzy Hash: 0121D6BE5082668FDB358F158C407D9B7E5AB58318F21882DDECDEB710D3306A898B55
Uniqueness

Uniqueness Score: -1.00%

Execution Graph

Execution Coverage: 6.8%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 0%
Total number of Nodes: 24
Total number of Limit Nodes: 0
[Execution graph rendering omitted. Entry nodes 8484ae0 and 848f1f0 both reach 848e1d8, whose node 848e70f calls IdentifyCodeAuthzLevelW; that is the only API call present in the graph.]

Control-flow Graph

[Control-flow graph rendering omitted (legend: Executed / Not Executed). Function entry at 7f18390, basic blocks spanning 7f18390-7f18db6, with calls to 7f17960.]
Memory Dump Source
• Source File: 00000006.00000002.337211265.0000000007F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F10000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7f10000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 604f49e4c44cd9ecfe702898b95cbc6cf38da2549a37808bb89c165364f481d7
• Instruction ID: 4c8b92dbd93d4b878fec6f8b1fcaeb050b539410027923f538a146f195723676
• Opcode Fuzzy Hash: 604f49e4c44cd9ecfe702898b95cbc6cf38da2549a37808bb89c165364f481d7
• Instruction Fuzzy Hash: 735237B0A00249DFDB14DF24C950BAEB3A2EF89358F1485A9D909AB394DB39ED41CF51
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

[Control-flow graph rendering omitted (legend: Executed / Not Executed). Function entry at 848b1f0, basic blocks spanning 848b1f0-848bbc6. The call at 848ba0d resolves to 848a4e8 or 848a652; the call at 848bb1d resolves to 848b604, 848b617, 848b641, 848b656, 848b680, 848b705 or 848b1f0 itself (recursive).]
Memory Dump Source
• Source File: 00000006.00000002.337599272.0000000008480000.00000040.00000800.00020000.00000000.sdmp, Offset: 08480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_8480000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f39d1757aa727536782d4a0ea4082c8f974e7f823650c939ec5a1f5867032dc5
• Instruction ID: 699dbba4efd70f4b745d108fa9c3508d7c889921da380d73692881aec4330923
• Opcode Fuzzy Hash: f39d1757aa727536782d4a0ea4082c8f974e7f823650c939ec5a1f5867032dc5
• Instruction Fuzzy Hash: 31326F34B00208CFDB14EBA9D494AAEBBF2EF89365F15846AD4069B355DB35EC06CF50
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

[Control-flow graph rendering omitted (legend: Executed / Not Executed). Function entry at 848a652, basic blocks spanning 848a552-848adc6, with calls to 848b1f0 and 84875a2; the call at 848a9c4 resolves to 845f310 or 8488af0, and the call at 848a5e7 resolves to 8489de0 or 84897a3.]
Memory Dump Source
• Source File: 00000006.00000002.337599272.0000000008480000.00000040.00000800.00020000.00000000.sdmp, Offset: 08480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_8480000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a1a2990f59368b8724808550be984bc601fd1c320ca869315187ba90eed8900b
• Instruction ID: 8f7f33bfa22353d50b4814e5187cc3735c8e8d9e5e214ffd46068e67249d49b1
• Opcode Fuzzy Hash: a1a2990f59368b8724808550be984bc601fd1c320ca869315187ba90eed8900b
• Instruction Fuzzy Hash: 19324A34F00218CFDB24EB64D854BAEB7B2AF88255F1580AAD50ADB351DF749D42CF52
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                      • Executed
                                                                                                                                                                      • Not Executed
                                                                                                                                                                      control_flow_graph 1453 8489de0-8489e06 call 84897a3 1456 8489e08-8489e0c 1453->1456 1457 8489e0e-8489e17 1453->1457 1456->1457 1458 8489e18-8489e4b 1456->1458 1463 8489f51-8489f7c 1458->1463 1464 8489e51-8489e6a 1458->1464 1469 8489f18-8489f28 1464->1469 1470 8489e70-8489e91 1464->1470 1474 8489f2a-8489f34 1469->1474 1475 8489f36-8489f3a 1469->1475 1481 8489ea9-8489f01 1470->1481 1482 8489e93-8489e99 1470->1482 1474->1475 1476 8489f3c 1475->1476 1477 8489f44-8489f4b 1475->1477 1476->1477 1477->1463 1477->1464 1491 8489f7d-8489fe7 1481->1491 1492 8489f03-8489f16 1481->1492 1483 8489e9b 1482->1483 1484 8489e9d-8489e9f 1482->1484 1483->1481 1484->1481 1499 8489fe9-8489ff0 1491->1499 1500 848a03c-848a049 1491->1500 1492->1463 1499->1500 1501 8489ff2-848a016 1499->1501 1586 848a04c call 8489de0 1500->1586 1587 848a04c call 84897a3 1500->1587 1507 848a48a 1501->1507 1508 848a01c-848a024 1501->1508 1502 848a052-848a057 1503 848a059-848a071 1502->1503 1504 848a076-848a09f 1502->1504 1506 848a48f-848a49a 1503->1506 1504->1507 1513 848a0a5-848a0ad 1504->1513 1507->1506 1508->1500 1510 848a026-848a034 1508->1510 1510->1500 1514 848a10b-848a18f 1513->1514 1515 848a0af-848a0c1 1513->1515 1514->1507 1528 848a195-848a199 1514->1528 1518 848a0ed-848a106 1515->1518 1519 848a0c3-848a0e8 1515->1519 1518->1506 1519->1506 1529 848a19c-848a1b3 1528->1529 1532 848a1b9-848a1da 1529->1532 1533 848a25d-848a272 1529->1533 1548 848a1dc-848a1e2 1532->1548 1549 848a1f2-848a249 1532->1549 1536 848a284-848a2a4 1533->1536 1537 848a274-848a281 1533->1537 1536->1507 1538 848a2aa-848a2b2 1536->1538 1537->1536 1541 848a2b8-848a2e4 1538->1541 1542 848a37b-848a38d 1538->1542 1559 848a2e6-848a345 1541->1559 1560 848a347-848a34b 1541->1560 1542->1507 1543 848a393-848a3a0 1542->1543 1545 848a43f-848a44c 1543->1545 1546 848a3a6-848a415 
1543->1546 1545->1529 1546->1545 1579 848a417-848a42d 1546->1579 1550 848a1e4 1548->1550 1551 848a1e6-848a1e8 1548->1551 1576 848a46c-848a483 1549->1576 1577 848a24f-848a25a 1549->1577 1550->1549 1551->1549 1559->1560 1563 848a451-848a46a 1560->1563 1564 848a351-848a376 1560->1564 1563->1506 1564->1506 1576->1507 1577->1533 1579->1507 1585 848a42f-848a439 1579->1585 1585->1545 1585->1546 1586->1502 1587->1502
Memory Dump Source
• Source File: 00000006.00000002.337599272.0000000008480000.00000040.00000800.00020000.00000000.sdmp, Offset: 08480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_8480000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9604cd1c12d14580484313ee4077de2a3d03f65cda70cf3ff49b7fa828963bca
• Instruction ID: 04af5900afd5464502c31bcc1e5807a472345402dbf91887a23aadb539ef5f34
• Opcode Fuzzy Hash: 9604cd1c12d14580484313ee4077de2a3d03f65cda70cf3ff49b7fa828963bca
• Instruction Fuzzy Hash: FB225E34A00218CFCB14EFA8D598A6EBBF2FF88315F15846AD5059B355DB75AC42CF81
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.337599272.0000000008480000.00000040.00000800.00020000.00000000.sdmp, Offset: 08480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_8480000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 89f4a81675f0eb9cadb2bc1cbf037446667c674c8c1c22abb586089839613d25
• Instruction ID: 3549b2b63e0dd6d9ad01a3033235b51f9a19291e1e2fea222cbd0030bbd65c7d
• Opcode Fuzzy Hash: 89f4a81675f0eb9cadb2bc1cbf037446667c674c8c1c22abb586089839613d25
• Instruction Fuzzy Hash: 7A123C34B00605CFCB14EFA8D894AAEBBF2FF84356B15842AD9069B355DB35AC42CF51
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp, Offset: 08470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_8470000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 09a0bef337d968575d3e5f35bf636de79b7b5fa1f898f7793bbf8a0235111d31
• Instruction ID: 83769ca912c787bdfdb8b160bbb0cb0c747aa82e36dff03d26a5bb07499586f5
• Opcode Fuzzy Hash: 09a0bef337d968575d3e5f35bf636de79b7b5fa1f898f7793bbf8a0235111d31
• Instruction Fuzzy Hash: 8AD1CD34A006459FDB04DFB4D8546AEBBB3EF85305F15846EDA06EB390DF38AC068B91
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp, Offset: 08470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_8470000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ff0eb511b890099646a66e2acda82cf497bba34ef9969b9021abbcc7b8b8d92a
• Instruction ID: 420023a0ba3dd3d29f41c32f925bccae39dc969c1a1b570980e4c5591aeecdcb
• Opcode Fuzzy Hash: ff0eb511b890099646a66e2acda82cf497bba34ef9969b9021abbcc7b8b8d92a
• Instruction Fuzzy Hash: FBB19B34A002058FCB04DFA9D994AAEB7F3EF88345F158429E9069B395DF74EC42CB91
Uniqueness

Uniqueness Score: -1.00%
Control-flow Graph (graph image not reproduced)
APIs
• IdentifyCodeAuthzLevelW.ADVAPI32(?,?,?,00000000), ref: 0848E74A
Memory Dump Source
• Source File: 00000006.00000002.337599272.0000000008480000.00000040.00000800.00020000.00000000.sdmp, Offset: 08480000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_8480000_powershell.jbxd
Similarity
• API ID: AuthzCodeIdentifyLevel
• String ID:
• API String ID: 1431151113-0
• Opcode ID: be57699c20d3035b018890d4f8a208ad809b1fd0fa1c5af8ecdea58af6fc2cfb
• Instruction ID: 3798813347e4f5c15b1b4518dca1c136b797216e017e94441cd57bbbf7d87366
• Opcode Fuzzy Hash: be57699c20d3035b018890d4f8a208ad809b1fd0fa1c5af8ecdea58af6fc2cfb
• Instruction Fuzzy Hash: 7DF13774A00218DFDB14EF68D958B9EBBF1BF48305F1180AAE50AAB361DB35AD45CF50
Uniqueness

Uniqueness Score: -1.00%
Control-flow Graph (graph image not reproduced)
Strings
Memory Dump Source
• Source File: 00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp, Offset: 08470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_8470000_powershell.jbxd
Similarity
• API ID:
• String ID: \
• API String ID: 0-2967466578
• Opcode ID: 073413e92404610dd07eeb9c1ce9000d0232846d1a260f69443da51a38d74a94
• Instruction ID: 29b8acb96db424b97dc732c5e473f9aad1d3a69d9efd32380e76ca4fc5c5e811
• Opcode Fuzzy Hash: 073413e92404610dd07eeb9c1ce9000d0232846d1a260f69443da51a38d74a94
• Instruction Fuzzy Hash: D8025E74A00208DFCB04DFA4D994A9EBBB3FF88305F148569E906AB395DB75AC01CF91
Uniqueness

Uniqueness Score: -1.00%
Control-flow Graph (graph image not reproduced)
Memory Dump Source
• Source File: 00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp, Offset: 08470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_8470000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 148acaed2f752249dba74bee4bf672e24b9f6b9400ae4082b648b1df2f40ecd6
• Instruction ID: e0008a968da81fe57bfb8c94a3a0c538dbb4764219006cbe6d9ab49e2845f279
• Opcode Fuzzy Hash: 148acaed2f752249dba74bee4bf672e24b9f6b9400ae4082b648b1df2f40ecd6
• Instruction Fuzzy Hash: 50325974A002059FDB14DF69D948AEEBBF2EF88305F14846AE905EB391DB75DC42CB60
Uniqueness

Uniqueness Score: -1.00%
Control-flow Graph (graph image not reproduced)
Memory Dump Source
• Source File: 00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp, Offset: 08470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_8470000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 6c5c1204d6e020f1c7df2fcd58ee0939d370d85bcb2393adec8d852617e3716a
• Instruction ID: 550dc6dc6c4c8e22d8f6653f629391ffeec8f83160733eff8c78642a028f6bf3
• Opcode Fuzzy Hash: 6c5c1204d6e020f1c7df2fcd58ee0939d370d85bcb2393adec8d852617e3716a
• Instruction Fuzzy Hash: C4426F34A00209CFDB14DF64D898AAEBBB6FF88345F24856ED5059B365DB34AC42CF90
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
• Rendered control-flow graph (graph image not recoverable as text). Function starts at 847d478; basic blocks span 847d478-847dc6c. Direct call targets: 847a440, 847b520, 847ace8, 8476a88, 847bda8, 847c6c0. Candidate call targets from block 847d653: 847dc70, 847dc80.
Memory Dump Source
• Source File: 00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp, Offset: 08470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_8470000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 292825dbb399eedc103bd15938ee639813c424c19481a23aa905e7fe329db011
• Instruction ID: 390b26b62271d5d8eba871ea26b05656c8ea4214b219eb2f97060925471c6014
• Opcode Fuzzy Hash: 292825dbb399eedc103bd15938ee639813c424c19481a23aa905e7fe329db011
• Instruction Fuzzy Hash: 01128D34A042089FDB04DF74D854AAE7BB3EF88355F158469E94AAB395DB34EC41CFA0
Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

• Executed
• Not Executed
• Rendered control-flow graph (graph image not recoverable as text). Function starts at 84775d0; basic blocks span 84775d0-8477b31. Candidate call targets from block 847791e: 8475f00, 8475f10.
Memory Dump Source
• Source File: 00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp, Offset: 08470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_8470000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 05b13141cbdb43a38210a41918d5cca6d1547659abd91e19278483ecebe04f69
• Instruction ID: 9ed12db5f0bf5a6105d8ad24ba102e71ecd568fc913429855e1d67a71f4c4302
• Opcode Fuzzy Hash: 05b13141cbdb43a38210a41918d5cca6d1547659abd91e19278483ecebe04f69
• Instruction Fuzzy Hash: 42E1B034B012049FEB108B79D944BAEB7E6EF88359F55807AE905DB391DB75CC42CB90
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.337211265.0000000007F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F10000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7f10000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5fb7d1f9ddc3f6c1481b1f938bdfd6f696ac88385b217184f3f37f1be03aead6
• Instruction ID: 2cdc0ebccd2dab5aa1792d77bec366ca7aff5fbfe802628659be88c74dedd3ca
• Opcode Fuzzy Hash: 5fb7d1f9ddc3f6c1481b1f938bdfd6f696ac88385b217184f3f37f1be03aead6
• Instruction Fuzzy Hash: D3E18DB0A00219CFDB24EF64C954B9EB7B2BF89314F2485A9D509AB354DB34ED45CFA0
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp, Offset: 08470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_8470000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b1af038624ba841425f56206a6ee784ad568c2f898d3c3f5d40036ce720274d8
• Instruction ID: b742de6c942842988c1b5bb544ed478a00143876d9121c3539c2a9db39d155df
• Opcode Fuzzy Hash: b1af038624ba841425f56206a6ee784ad568c2f898d3c3f5d40036ce720274d8
• Instruction Fuzzy Hash: 7BB1AF30A042489FDB05DF74D898AAE7BB6EF89305F15846EE506DB3A1CB389C45CF91
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp, Offset: 08470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_8470000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1a7974e001e156e6cfc8504e3be4136396567bb459131723adf30b7348fbb798
• Instruction ID: 657bf5fd85da456462f154e5946a994b1902b2502c396b44850b7cea07c6bef4
• Opcode Fuzzy Hash: 1a7974e001e156e6cfc8504e3be4136396567bb459131723adf30b7348fbb798
• Instruction Fuzzy Hash: EE91D272E002589FCB15DFA8C8006DEBFB2FF89315F15816AD905AB390EB759946CB90
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp, Offset: 08470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_8470000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b9282bbc8a156843fbe0adaaad68f48f76699980fd5f91c3def34034add4cfe4
• Instruction ID: ef8fc02ec01e27bb9c636dfbcf95d0cd42d714f5c27ca40aba0db38023e6c1fb
• Opcode Fuzzy Hash: b9282bbc8a156843fbe0adaaad68f48f76699980fd5f91c3def34034add4cfe4
• Instruction Fuzzy Hash: 0AA16A34A00218DFDB14DFA4C994BAEBBB2FF44305F15846AE505AB392DB39AC81CF51
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.337211265.0000000007F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F10000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7f10000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5439b3c788ac2958a7d56536896ff32b81ad6a66d5eeed783c17a2384eb2d140
• Instruction ID: 47680cc9c3d5e0e9cc6d4c999509ed52089347a9fdea2313b9ea4c355a22be53
• Opcode Fuzzy Hash: 5439b3c788ac2958a7d56536896ff32b81ad6a66d5eeed783c17a2384eb2d140
• Instruction Fuzzy Hash: E9918970A01219CFEB14EF69DC44BAEBBB2FF88314F1981A9D509A7290DB349D41CF60
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.337211265.0000000007F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F10000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7f10000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c011187178ee4cbb98bec3783c5bc339c4f9c2e26066f2b21e5c2b1b49abd016
• Instruction ID: fd2eac550538017e129728d8e0ac767a9677c1dea8752cb06cb87f6c463928c1
• Opcode Fuzzy Hash: c011187178ee4cbb98bec3783c5bc339c4f9c2e26066f2b21e5c2b1b49abd016
• Instruction Fuzzy Hash: 4A51A635B101199BDB05DBA4DD51BAEBAB7EB88304F208079F60AA7394CF759C028F95
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp, Offset: 08470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_8470000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: bdf48325d947796b569978d32b8a9c24ec87e0f6978e260c7e273827e3e90919
• Instruction ID: 06489ec2ef6beaf23faaa3695cbab3a76e94da179ed8c1c089157d045781ebb1
• Opcode Fuzzy Hash: bdf48325d947796b569978d32b8a9c24ec87e0f6978e260c7e273827e3e90919
• Instruction Fuzzy Hash: 85611A30E00619CFDB14DB64C958BAEB7B3EF84345F158429D50AAB358DB78AC42CF81
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.337211265.0000000007F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F10000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7f10000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 684aee31c44078bf077425c51469635431e504c993283d4fa5dc97199ff2bda3
• Instruction ID: 2ac07ae770152083a3a08193910d5c29be351553bc8196c3e72c1e95f7f0aae2
• Opcode Fuzzy Hash: 684aee31c44078bf077425c51469635431e504c993283d4fa5dc97199ff2bda3
• Instruction Fuzzy Hash: 87518535B101199BDB05EB94DD51BAEBAB7EB8C304F208079F60AA7394CF759C028F95
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp, Offset: 08470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_8470000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 200d89bf1f38149595ba5e18080f1648c331c9471c9d5bd9c516a4b36298dce9
• Instruction ID: d9202825d6830f1e01c2872116648f3045740b284976fd675eabfa0589240e33
• Opcode Fuzzy Hash: 200d89bf1f38149595ba5e18080f1648c331c9471c9d5bd9c516a4b36298dce9
• Instruction Fuzzy Hash: 53613A30E006188FDB14DB64C958B9EBBB3EF84305F15852ED40AAB358DB78AC42CF81
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp, Offset: 08470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_8470000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 768a3ebfabe5ebf801885309e4634962238020401dd9814b01fdef4e6fe82a01
• Instruction ID: 63d74ec178ce881458f7bdb02225a5b88e67fac3b3c46728adf0f3a7d099ce9c
• Opcode Fuzzy Hash: 768a3ebfabe5ebf801885309e4634962238020401dd9814b01fdef4e6fe82a01
• Instruction Fuzzy Hash: 4051A072E01649CBDF15CFA4C8406DDBFB2BF49315F29855AC8047B390EB75AA46CB90
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp, Offset: 08470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_8470000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f4815b47d76fba10627a7018fd3e7abd5817c1ea528ab1a29ac59c7a5683a72f
• Instruction ID: ca4013618f0066e68553b98ec6e50466d8a843ffb4f19a06efe6b24fd41ef26c
• Opcode Fuzzy Hash: f4815b47d76fba10627a7018fd3e7abd5817c1ea528ab1a29ac59c7a5683a72f
• Instruction Fuzzy Hash: AA512674E002448FDB11CF79D945AEEBBF2AB48255F15807ADA01AB390EB35D842CFA0
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp, Offset: 08470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_8470000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8f3876a3da938865639db17271195ba12ce2a302f693d5546abec481f9020c70
• Instruction ID: a0e9fb0b830dea8e9d10991b277c8fdc7643a82095769694e6e6d50806053dfb
• Opcode Fuzzy Hash: 8f3876a3da938865639db17271195ba12ce2a302f693d5546abec481f9020c70
• Instruction Fuzzy Hash: 56513834E012158FDB54EB79D8446AEB7F2EF88366F15806AE806EB350DB39D801CF90
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp, Offset: 08470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_8470000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d4ac0fb1a28b020811bf8ffc6c1aaaf4cbe60f60b0e0b0e334d79461bfa2b8e3
• Instruction ID: 4e7d01d478e72a469504c8e9eee32d557fcc3fc70ef738bfffd7bcfbe9f3e1ee
• Opcode Fuzzy Hash: d4ac0fb1a28b020811bf8ffc6c1aaaf4cbe60f60b0e0b0e334d79461bfa2b8e3
• Instruction Fuzzy Hash: 51515774A012199FDB14DF64D994BAEBBB2FF88304F50806AE54AEB391DF389841CF51
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp, Offset: 08470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_8470000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 46ab06f1f4a985168cab41c001dcae6342aa74a540a93ceeb1e2707e7accc324
• Instruction ID: 3254ba3df51b698c491f86b4fc14a2ba41a75aab4534469cf0fdbacde442208e
• Opcode Fuzzy Hash: 46ab06f1f4a985168cab41c001dcae6342aa74a540a93ceeb1e2707e7accc324
• Instruction Fuzzy Hash: 38412434E01215CFDB54EB79D4446EEB7F2EF88326B16806AD805AB350DB39D842CF90
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp, Offset: 08470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_8470000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b10e8ca606966490f76e74ea9c519b503a76a444bd5ab3ec47993fa140c0137e
• Instruction ID: 3a7471c47b7199706b746c1fbd3805eb19f4f9d3b62f0db6143a89ec8690dd04
• Opcode Fuzzy Hash: b10e8ca606966490f76e74ea9c519b503a76a444bd5ab3ec47993fa140c0137e
• Instruction Fuzzy Hash: D131EF30E00305CBDB14AF74D8546EEB7B7EFA5346F16846EC605AB251DB39D806CB90
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.337211265.0000000007F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F10000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7f10000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 27195ffb94f7700f1470191556662c605a463172e393910eb82cad44fb6cbd35
• Instruction ID: 5a94d42405249e0b1f329b21ab0643cdc5a8c1a3784611a6490cc0db468449c4
• Opcode Fuzzy Hash: 27195ffb94f7700f1470191556662c605a463172e393910eb82cad44fb6cbd35
• Instruction Fuzzy Hash: DA4180343041058FD344EB24D494A2E37A7EFCA359B2584B9E60A8B3A5CF38EC06CB91
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp, Offset: 08470000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_6_2_8470000_powershell.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: c8bab03b54edd64ef7913dd3320f020d75977cca33d3a6a225d76fd816b37cd2
                                                                                                                                                                      • Instruction ID: d89c5c2a1c8d7b17fd85d93310fd78abf1ae70a4a02b34e8944b8ba5894c6223
                                                                                                                                                                      • Opcode Fuzzy Hash: c8bab03b54edd64ef7913dd3320f020d75977cca33d3a6a225d76fd816b37cd2
                                                                                                                                                                      • Instruction Fuzzy Hash: 0341EC30E0561ACFDB249F65D558BAFBBB2EF5430AF15842ED41A9B354DB389842CF80
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp, Offset: 08470000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_6_2_8470000_powershell.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 034a81f11e4c1928c5b78d25eab393cd80bce8c652de2a41b776ad31469ba296
                                                                                                                                                                      • Instruction ID: 5e6462126a7aff93692ed593f0e3d9c02d7b669b9a45b7fde43ec6fd43d00c08
                                                                                                                                                                      • Opcode Fuzzy Hash: 034a81f11e4c1928c5b78d25eab393cd80bce8c652de2a41b776ad31469ba296
                                                                                                                                                                      • Instruction Fuzzy Hash: 2A317C31B00241CFCB24DB75C9806AFF3E6EF8425AB94857EC519E7B50EB35E8428B90
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp, Offset: 08470000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_6_2_8470000_powershell.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 87a0a8f864aa9336c914f563b7891f18dc6bd646c87823851b764965cad3f1c8
                                                                                                                                                                      • Instruction ID: acc4818f305671cd05211e824d6bea6942f48c5b8c395cdb2343f13706f09e9d
                                                                                                                                                                      • Opcode Fuzzy Hash: 87a0a8f864aa9336c914f563b7891f18dc6bd646c87823851b764965cad3f1c8
                                                                                                                                                                      • Instruction Fuzzy Hash: 31319A30E00616CBDB14AB79D8547EEB7B7EFA8346F15842AC606AB354DB399805CB90
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000006.00000002.337211265.0000000007F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F10000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_6_2_7f10000_powershell.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 95fa52836c9b1c5f3da5c7bc274128705997a21362809bebc85541349cba0778
                                                                                                                                                                      • Instruction ID: 01d13a007688398b06b5efe397d39385902b27510cb520bbc7913e34e0d27560
                                                                                                                                                                      • Opcode Fuzzy Hash: 95fa52836c9b1c5f3da5c7bc274128705997a21362809bebc85541349cba0778
                                                                                                                                                                      • Instruction Fuzzy Hash: C531DF75B001418FCB04DFA9DA41AAFB7A7EB88200F184079EA05D7354EF31E8028B62
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp, Offset: 08470000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_6_2_8470000_powershell.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: f9b5801cbf5e0e5c77ada30a50922a76b9a620c61b9b05c5ea3099179e01728c
                                                                                                                                                                      • Instruction ID: a19493303b464c414646b460edf352a3de37c9b97253940e98a747dd24945790
                                                                                                                                                                      • Opcode Fuzzy Hash: f9b5801cbf5e0e5c77ada30a50922a76b9a620c61b9b05c5ea3099179e01728c
                                                                                                                                                                      • Instruction Fuzzy Hash: BF31D834A01219CFCB14DFA4C498AADBBB2FF44346F25846AE905AB761DB35EC81CF50
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000006.00000002.337211265.0000000007F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F10000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_6_2_7f10000_powershell.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 612ca4cc2cd720b8d183c2fa7f795d36a427b979533299ee8b967ce8b145e4eb
                                                                                                                                                                      • Instruction ID: 92a29a4336c78cff6a0c3ab178fe3898269527ee4f58114e5f49dc1f1fbc2a32
                                                                                                                                                                      • Opcode Fuzzy Hash: 612ca4cc2cd720b8d183c2fa7f795d36a427b979533299ee8b967ce8b145e4eb
                                                                                                                                                                      • Instruction Fuzzy Hash: 72214C6190E3C15FD7039B3C9CB46857FB29F13218B1A04EBC5C4CF5A3EA688819D7A6
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp, Offset: 08470000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_6_2_8470000_powershell.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 01b518070c8268d7543e8174b61217a442372b77db2edd643128a17272dbbe26
                                                                                                                                                                      • Instruction ID: a4706bc9569925e4cb8f16f04b5119693a23cbde34f599bfc1403aa4714eeca6
                                                                                                                                                                      • Opcode Fuzzy Hash: 01b518070c8268d7543e8174b61217a442372b77db2edd643128a17272dbbe26
                                                                                                                                                                      • Instruction Fuzzy Hash: 5711DD31B082984FCB11D7B958512EDBBE98FC2116F1940BBD548CB241EF288E55C3A1
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp, Offset: 08470000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_6_2_8470000_powershell.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: c5f7f0cc1a75ae59070bcbc40ef03ecbfa15aeed1456b78e80b603da77acc160
                                                                                                                                                                      • Instruction ID: 26e14714a151816ce85c3e3b98126479e42bb03036b277d89e3dda2d8d105e00
                                                                                                                                                                      • Opcode Fuzzy Hash: c5f7f0cc1a75ae59070bcbc40ef03ecbfa15aeed1456b78e80b603da77acc160
                                                                                                                                                                      • Instruction Fuzzy Hash: 69214F75F00108CFDB14DFA9D854AEEBBB6EB89316F10802AD615A7390DB359841CF64
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp, Offset: 08470000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_6_2_8470000_powershell.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 862222ecf9c4fcff25157fdd0f662f2188f73ed1eaf8487503947c6dcdca2063
                                                                                                                                                                      • Instruction ID: 1e47f49d9400187fdfeff8ed2319d5da941691688e79342fdf449801f0ef222b
                                                                                                                                                                      • Opcode Fuzzy Hash: 862222ecf9c4fcff25157fdd0f662f2188f73ed1eaf8487503947c6dcdca2063
                                                                                                                                                                      • Instruction Fuzzy Hash: E531E934A00219CFCB04DFA8D5949EDBBF2BF4D211B6485A9D405B7360DB35AD81CF95
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000006.00000002.337211265.0000000007F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F10000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_6_2_7f10000_powershell.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 4a3c53f059fb995da61d0a1c13a18175f9793b90cf40673b6d73fc2d3f077e8a
                                                                                                                                                                      • Instruction ID: c4403c820f9f8edf335c6fc48d99de8704024968a34e044becdb16256081b43d
                                                                                                                                                                      • Opcode Fuzzy Hash: 4a3c53f059fb995da61d0a1c13a18175f9793b90cf40673b6d73fc2d3f077e8a
                                                                                                                                                                      • Instruction Fuzzy Hash: 82216F342041058FD710EF29D499E5E7BA6EFCA319B628579E60A8B371CB71EC06CBD0
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp, Offset: 08470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_8470000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ed260370ca4669cb5b05d106d5a2672e61c071d1953264730bb0a0bbae41f75b
• Instruction ID: 542345f8be3a32bb6e1346b2e7aa30a62f97a09d9d460c66258a06fd31951ce3
• Opcode Fuzzy Hash: ed260370ca4669cb5b05d106d5a2672e61c071d1953264730bb0a0bbae41f75b
• Instruction Fuzzy Hash: C121D434A00219CFCB04DFA8D4849EDB7F2BF8C215B6485A9D405B7360DB35AD81CFA1
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp, Offset: 08470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_8470000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 96f00ca3dc94fff89db9d0d25e4121fbcdee3bfadccfcc7f937524aedb19b051
• Instruction ID: e233b1e023024222194cd09f01e05c6c5e3574694dbc8ed9896eadaced6458a3
• Opcode Fuzzy Hash: 96f00ca3dc94fff89db9d0d25e4121fbcdee3bfadccfcc7f937524aedb19b051
• Instruction Fuzzy Hash: 9C11A7307042458FC709ABB8E8546AE7797AF85745F1480BDD6098F792DF3AE841CB91
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp, Offset: 08470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_8470000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 06453aa53a4b2dbf48cfa7963f878892c0500f2715587ab694771ab4dde44b4e
• Instruction ID: 7ea4ade0f9be6231f8599fb299e5750f3e54afb7c9ae682304899d0792b62375
• Opcode Fuzzy Hash: 06453aa53a4b2dbf48cfa7963f878892c0500f2715587ab694771ab4dde44b4e
• Instruction Fuzzy Hash: 0D218E70E042898FDB15CBA8C454BEEBFF1AF49710F2981AAD441BB361DA718945CFA1
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp, Offset: 08470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_8470000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ee87b4c83f61686f7f17d252c76f24e2c90017590d4f72e3636283acb63cc684
• Instruction ID: d856e120f2e03083b1ddbc1b887ac082085cc47fbcccdd5cd66aea49c438652c
• Opcode Fuzzy Hash: ee87b4c83f61686f7f17d252c76f24e2c90017590d4f72e3636283acb63cc684
• Instruction Fuzzy Hash: 16114C35E01215CFDB549B78D8546EEB7F2FF88326F56806AD806AB344CB789802CF90
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp, Offset: 08470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_8470000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: cd1d17140d677db106a6a397178fd247fa780db7448dbe1fe6bfc51f45f075db
• Instruction ID: 895f1646911389c18675fd27b44c3a1907cd0157050bf36f0e6c882b98fb9138
• Opcode Fuzzy Hash: cd1d17140d677db106a6a397178fd247fa780db7448dbe1fe6bfc51f45f075db
• Instruction Fuzzy Hash: 30112870E042498FDB14DBA9C454BEEBBF1AF48711F2481AAD801BB360DBB19945CFA0
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.337211265.0000000007F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F10000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7f10000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 6fed63981bed593c33068ab6dc8f9f0748c815f6e4395083428e64f3856e9185
• Instruction ID: fd1080997d0f7e979c3a1ce997d41fa0f1d13468e0fb6c6036b9b1ee54c0c60b
• Opcode Fuzzy Hash: 6fed63981bed593c33068ab6dc8f9f0748c815f6e4395083428e64f3856e9185
• Instruction Fuzzy Hash: 86014832104289BFCF129F99DD00CDE7F76FF89660B49444AFA8446121C272D8A5EB90
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.337211265.0000000007F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F10000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7f10000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b49ad775bc5d1c7575c0c47e86030368eb79fbc7d986a5a8511aff342defa7fe
• Instruction ID: 14709afe788db9a2412c52bd00fd670be0290720ad9582da571ac28eafb7bbf4
• Opcode Fuzzy Hash: b49ad775bc5d1c7575c0c47e86030368eb79fbc7d986a5a8511aff342defa7fe
• Instruction Fuzzy Hash: B301DFB0A10245CFCB25EB74C510AADB7B2BF06304F244568C805AB3A5DB39ED09CF20
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp, Offset: 08470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_8470000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 15b69992493af05943f5f25c6c1a2c02798f7f5da62c70e40befa48019954938
• Instruction ID: 1b5aa3a8f2de92884b946010971a140fd6dab3bcabb48172c1e78aaf8dff81d1
• Opcode Fuzzy Hash: 15b69992493af05943f5f25c6c1a2c02798f7f5da62c70e40befa48019954938
• Instruction Fuzzy Hash: 8E010874E1025ADFCB40DFA8D8449EEBBB1FF48311B10496AE815EB710D7709A52CF90
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp, Offset: 08470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_8470000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9783ffa702772aaafacd173407ca46d49dc1239c1155bb1d51c5f208dfef6105
• Instruction ID: ec9386f70dfd4aae92956303b39ad7c494c7a244965457fc3068cd8c810d6519
• Opcode Fuzzy Hash: 9783ffa702772aaafacd173407ca46d49dc1239c1155bb1d51c5f208dfef6105
• Instruction Fuzzy Hash: FBF06D75E002659F8B40DF6ED8414EEBFF5BF88221B14406AD508E7611E73099918BD1
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.337211265.0000000007F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F10000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7f10000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0890b54cec1df95271667e2a10e8819509cdb9acd5239def88d5bea25f40ad76
• Instruction ID: cecbf29b92a635e85d1d358d4d3e927f843b68266d882f6045d1e559f403a5a1
• Opcode Fuzzy Hash: 0890b54cec1df95271667e2a10e8819509cdb9acd5239def88d5bea25f40ad76
• Instruction Fuzzy Hash: 60F0E236B001589BCB14A768D8595DEB7BAEBCA352F440079D902E7740CE7998178B90
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.337211265.0000000007F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F10000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7f10000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 59f4fdadc734d2be8aa8f46ec35c7692690dc4d0039ff8ed5b39b980dc6dc451
• Instruction ID: 0832161b87dbac70ba71d8cefaf0522a8d1e98d3434328ff9a1aaa3de7284247
• Opcode Fuzzy Hash: 59f4fdadc734d2be8aa8f46ec35c7692690dc4d0039ff8ed5b39b980dc6dc451
• Instruction Fuzzy Hash: 6A014B3200825CAFCF529F98D900CDA7FB6FF09394B055949FA8086021C735D860DB90
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp, Offset: 08470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_8470000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3ef1c8b215e1985fd36c54718cb784997fc1ed217c4528a485341fbd26e585e9
• Instruction ID: 2294070afe535f741ffa9a1154617099f6669b382a55ad7f30eb5baf15b5284f
• Opcode Fuzzy Hash: 3ef1c8b215e1985fd36c54718cb784997fc1ed217c4528a485341fbd26e585e9
• Instruction Fuzzy Hash: BF01D2B4E0021ADF8B44DFA9D8449EEBBF5FF48200B10842AE815E7310EB709911CFA0
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.337211265.0000000007F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F10000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_6_2_7f10000_powershell.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 9e0b7d5e98d78a4d2e6e1b8b777e0767402197b107c9b81845d52677514328eb
                                                                                                                                                                      • Instruction ID: 328725b90aa587afda403eac9b710d9bae2d291553c6288be015162c417d410e
                                                                                                                                                                      • Opcode Fuzzy Hash: 9e0b7d5e98d78a4d2e6e1b8b777e0767402197b107c9b81845d52677514328eb
                                                                                                                                                                      • Instruction Fuzzy Hash: 72F0CA3210014DBBCF529E99DD00CDE3F7AFF897A4B499519FA4456220C772E8A1EB90
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000006.00000002.337211265.0000000007F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F10000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_6_2_7f10000_powershell.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: b6073b292b5bcab0a28799f631446fcce21675523e92bcf087160f7817f03a51
                                                                                                                                                                      • Instruction ID: 4ac54998ab0bffbb4cf0675dccae7ee02be5b34b68865e880b430bc17e7fc7f3
                                                                                                                                                                      • Opcode Fuzzy Hash: b6073b292b5bcab0a28799f631446fcce21675523e92bcf087160f7817f03a51
                                                                                                                                                                      • Instruction Fuzzy Hash: F7E0E537B1025497CB14A668D8144EE73AAEBC9251F04007AE902E3700CF79DC158B90
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000006.00000002.337211265.0000000007F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F10000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_6_2_7f10000_powershell.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: c01be52dacb2349d3469957de46df35ccbe4073b18692a51956e2df4f5e54b40
                                                                                                                                                                      • Instruction ID: 5e5cda6a0a8574a25eef88dd1bd29e8d68ac6d6798b5fc0aa2ce4a95d7328cbb
                                                                                                                                                                      • Opcode Fuzzy Hash: c01be52dacb2349d3469957de46df35ccbe4073b18692a51956e2df4f5e54b40
                                                                                                                                                                      • Instruction Fuzzy Hash: CFE026B3E08205AFD7178BA4A8464CDBFF9DB59170B0400BBE405D2202EF3996438791
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000006.00000002.337211265.0000000007F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F10000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_6_2_7f10000_powershell.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 570e9969b584b1cc357dd82e6137cac099600a0f925ecd8557bd3c8880f0e522
                                                                                                                                                                      • Instruction ID: eb317ff2be22ea55a56f0c72ef7c4d9398fe8827c2da067ea13a9c3be383f02d
                                                                                                                                                                      • Opcode Fuzzy Hash: 570e9969b584b1cc357dd82e6137cac099600a0f925ecd8557bd3c8880f0e522
                                                                                                                                                                      • Instruction Fuzzy Hash: 71F0BC3200020DBBCF429F98D900CDA3BAAFF08294B419505FE4496120D776E961AB90
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000006.00000002.337211265.0000000007F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F10000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_6_2_7f10000_powershell.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: fc37a9769b8f16e6fe3f23da599f0ec775b86fd70ecc3915ae2a1c653a648332
                                                                                                                                                                      • Instruction ID: a33c0ff7c9912ebee3c35621c40722b5f2759e50a109a8265999d023c5ae9f82
                                                                                                                                                                      • Opcode Fuzzy Hash: fc37a9769b8f16e6fe3f23da599f0ec775b86fd70ecc3915ae2a1c653a648332
                                                                                                                                                                      • Instruction Fuzzy Hash: 51E0E5B570901007D244B76CED50A5A7383DBC6320F1982B5D7168B3C5DE25CC064B91
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000006.00000002.337211265.0000000007F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F10000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_6_2_7f10000_powershell.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 31b5edbefa6fb622b38c44fcadf7cc33960ff1e9881122588e3bf6ef2d8400c0
                                                                                                                                                                      • Instruction ID: 804d76eec2421d0ddc745aaaaf1ad345a13f84696b439287a11a3aa61cadc39f
                                                                                                                                                                      • Opcode Fuzzy Hash: 31b5edbefa6fb622b38c44fcadf7cc33960ff1e9881122588e3bf6ef2d8400c0
                                                                                                                                                                      • Instruction Fuzzy Hash: A5E092743044204BE384BAACE910A5BB383DFCA311F1981B9D705CB389CE35DC028B81
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp, Offset: 08470000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_6_2_8470000_powershell.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 4acbf6f5445d081dc214687d3fe538a7a8ecd6ef57b0752767dedceb202115ce
                                                                                                                                                                      • Instruction ID: 6e45c74241c363cbc41d37bf7488afbed2cbc8f18de26740dbfb9c60dccbad1b
                                                                                                                                                                      • Opcode Fuzzy Hash: 4acbf6f5445d081dc214687d3fe538a7a8ecd6ef57b0752767dedceb202115ce
                                                                                                                                                                      • Instruction Fuzzy Hash: 86E09231A0A3C58EDF22CBA4D9402E97FB89E03165F2A07DBC890DD0E3DA294745D392
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000006.00000002.337211265.0000000007F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F10000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_6_2_7f10000_powershell.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 9a9dbfa757d4dabe8e1acb908ed407634fbe55cb8ac099cc184d19c6a38c8f32
                                                                                                                                                                      • Instruction ID: ee949716b5dbdfc7d11910c4fc4c12c023856e63a2782a7cab42c4de6a6ba051
                                                                                                                                                                      • Opcode Fuzzy Hash: 9a9dbfa757d4dabe8e1acb908ed407634fbe55cb8ac099cc184d19c6a38c8f32
                                                                                                                                                                      • Instruction Fuzzy Hash: B1D05E72E04219AF9B159AA9E8458DE7FBAEB58270F14407AE809E2200EF359A018690
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp, Offset: 08470000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_6_2_8470000_powershell.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
                                                                                                                                                                      • API String ID:
                                                                                                                                                                      • Opcode ID: 2a57589706a1cbaba40181b88c68b23a3bb14678f43f990fa4911f1a241342aa
                                                                                                                                                                      • Instruction ID: 8cbd15075e4a2b4a638f44576528c8ff28f89b52a7321bfed639a26cbb2ff7fd
                                                                                                                                                                      • Opcode Fuzzy Hash: 2a57589706a1cbaba40181b88c68b23a3bb14678f43f990fa4911f1a241342aa
                                                                                                                                                                      • Instruction Fuzzy Hash: BCD05E36105345DFC7164E6AB4444D17F3A9E63A0534490DBE8098B763C737A45AC761
                                                                                                                                                                      Uniqueness

                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                      • Source File: 00000006.00000002.337211265.0000000007F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F10000, based on PE: false
                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                      • Snapshot File: hcaresult_6_2_7f10000_powershell.jbxd
                                                                                                                                                                      Similarity
                                                                                                                                                                      • API ID:
                                                                                                                                                                      • String ID:
• API String ID:
• Opcode ID: e81208fc8795cb30f0ca31824f2c91bd8196202c36c4233a887c22a0fd7bb618
• Instruction ID: 08ff79b7a99ce82efb3259ac11e4941deccbf44c4607a9b3cde23c3062948531
• Opcode Fuzzy Hash: e81208fc8795cb30f0ca31824f2c91bd8196202c36c4233a887c22a0fd7bb618
• Instruction Fuzzy Hash: 79D05E70B0520CAFDB40DFB4D80079EB7FAEB84308F1185B99A08C7355EE756E009B91
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.337211265.0000000007F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07F10000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_7f10000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2d5dc262847e9f06148e4353283c9272aa0626ad1aac976405f1e70bcc1de42d
• Instruction ID: 3d19cf2562c1ddcb9d137ba5a7a5f2701015b60d7fa6764534b352a60f91d0d8
• Opcode Fuzzy Hash: 2d5dc262847e9f06148e4353283c9272aa0626ad1aac976405f1e70bcc1de42d
• Instruction Fuzzy Hash: A3A3E97461020A8FD754DF19D881B897BB2FF8834CF218998E5489F266DBB1ED478BD0
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp, Offset: 08470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_8470000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 86a4ca2158be46cf6573f595ac4170abd1f6e4c6d99d9078a2f7a55abbe4a49e
• Instruction ID: 6af5920b9ba58dcc9debd6ccc6907b821d10998873da24f43a7a604c841e226f
• Opcode Fuzzy Hash: 86a4ca2158be46cf6573f595ac4170abd1f6e4c6d99d9078a2f7a55abbe4a49e
• Instruction Fuzzy Hash: 58C174343823406FF7256735EC62B2A3E529BC1F19F3441A9B641AF3D5CEB2AC468794
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp, Offset: 08470000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_8470000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 28cb4e56db78080c517bbd53b261afdc28d72b9f5e6dfce6d7120e2123681a5b
• Instruction ID: 979d4968dba1172325b5a27e9e063b1901e5c84a54fe72f9cd56586c541196c0
• Opcode Fuzzy Hash: 28cb4e56db78080c517bbd53b261afdc28d72b9f5e6dfce6d7120e2123681a5b
• Instruction Fuzzy Hash: FDC163343823406FF7256735EC62B2A3E529BC5F19F3441A9B641AF3D5CEB2AC068794
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.337472676.0000000008450000.00000040.00000800.00020000.00000000.sdmp, Offset: 08450000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_8450000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f32179cf935b06e7a97497f110c63082e3472a61da553f176dcfed3552a423df
• Instruction ID: cf3612ac3a595a64abd04c8884bddb546432af86f089ca11f5a0ecf8d2856998
• Opcode Fuzzy Hash: f32179cf935b06e7a97497f110c63082e3472a61da553f176dcfed3552a423df
• Instruction Fuzzy Hash: F3C15374385301ABFB256731EC52B2E3A63EBC2B19F608469E6425F3D5CEB69C42C750
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.337472676.0000000008450000.00000040.00000800.00020000.00000000.sdmp, Offset: 08450000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_8450000_powershell.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 07a8c7925c31016d40b5273f27b7e07fe36e2a4df9c369f01ec7139770bb9fab
• Instruction ID: 856f316b23d39f4ec68d7f7d686f631f7f5c9a213a9a89d6ec54e1c538d1faf4
• Opcode Fuzzy Hash: 07a8c7925c31016d40b5273f27b7e07fe36e2a4df9c369f01ec7139770bb9fab
• Instruction Fuzzy Hash: 66C13374385301ABFB256731EC52B2E3A63EBC2B19F608469E6425F3D5CEB69C428750
Uniqueness
Uniqueness Score: -1.00%
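The three memory dump sources listed above (base addresses 07F10000, 08470000 and 08450000, all "based on PE: false", all taken from the powershell snapshot) share the same protection and type fields in their .sdmp file names: 00000040 and 00020000. Read as Win32 constants those are PAGE_EXECUTE_READWRITE and MEM_PRIVATE, i.e. writable and executable private memory with no PE image behind it, which is the shape of JIT output, reflectively loaded code or unpacked shellcode and is the region type an analyst would carve out first. The following script is an added example, not Joe Sandbox code: it decodes those names and flags such regions. The mapping of the dotted fields to process index, stage, dump id, base address, page protection and region type is an assumption made here from the values on the page; only the PAGE_* and MEM_* constant values themselves (from winnt.h) are authoritative, and the fifth and eighth fields are left undecoded.

```python
"""Decode Joe Sandbox .sdmp dump file names and flag RWX, private, non-PE regions.

ASSUMPTION: field order is <proc>.<stage>.<dump_id>.<base>.<protect>.<?>.<type>.<?>.sdmp.
Only the Win32 PAGE_* / MEM_* values below are authoritative (winnt.h).
"""
import re
from dataclasses import dataclass

# Win32 page protection constants (winnt.h).
PAGE_PROTECTION = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
PAGE_MODIFIERS = {0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE"}
# Region types as returned by VirtualQuery (winnt.h).
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}

EXECUTE_MASK = 0x10 | 0x20 | 0x40 | 0x80
WRITE_MASK = 0x04 | 0x08 | 0x40 | 0x80

# Field layout is the assumption stated in the module docstring.
SDMP_RE = re.compile(
    r"^(?P<proc>\d{8})\.(?P<stage>\d{8})\.(?P<dump_id>\d+)\."
    r"(?P<base>[0-9A-Fa-f]{16})\.(?P<protect>[0-9A-Fa-f]{8})\.(?P<f5>[0-9A-Fa-f]{8})\."
    r"(?P<mem_type>[0-9A-Fa-f]{8})\.(?P<f7>[0-9A-Fa-f]{8})\.sdmp$"
)


@dataclass(frozen=True)
class DumpRegion:
    process_index: int
    stage: int
    base: int
    protect: int
    mem_type: int
    pe_backed: bool  # the report's "based on PE" flag

    @property
    def protect_name(self) -> str:
        name = PAGE_PROTECTION.get(self.protect & 0xFF, f"0x{self.protect & 0xFF:x}")
        mods = [n for bit, n in PAGE_MODIFIERS.items() if self.protect & bit]
        return "|".join([name] + mods)

    @property
    def type_name(self) -> str:
        return MEM_TYPE.get(self.mem_type, f"0x{self.mem_type:x}")

    @property
    def is_rwx(self) -> bool:
        return bool(self.protect & EXECUTE_MASK) and bool(self.protect & WRITE_MASK)

    @property
    def suspicious(self) -> bool:
        """Writable+executable, privately allocated and not backed by a PE image."""
        return self.is_rwx and self.mem_type == 0x20000 and not self.pe_backed


def parse_sdmp_name(name: str, pe_backed: bool) -> DumpRegion:
    m = SDMP_RE.match(name)
    if not m:
        raise ValueError(f"not a recognised .sdmp name: {name}")
    return DumpRegion(
        process_index=int(m["proc"]),      # assumed decimal process index
        stage=int(m["stage"]),             # assumed decimal dump stage
        base=int(m["base"], 16),           # hex base address, matches the Offset column
        protect=int(m["protect"], 16),     # hex Win32 page protection
        mem_type=int(m["mem_type"], 16),   # hex Win32 region type
        pe_backed=pe_backed,
    )


# The three dump names and their "based on PE" flags as listed in the report above.
REPORT_DUMPS = [
    ("00000006.00000002.337211265.0000000007F10000.00000040.00000800.00020000.00000000.sdmp", False),
    ("00000006.00000002.337553047.0000000008470000.00000040.00000800.00020000.00000000.sdmp", False),
    ("00000006.00000002.337472676.0000000008450000.00000040.00000800.00020000.00000000.sdmp", False),
]


def triage(dumps):
    """Return (base address, protection, type) for every region worth carving first."""
    hits = []
    for name, pe_backed in dumps:
        region = parse_sdmp_name(name, pe_backed)
        if region.suspicious:
            hits.append((f"0x{region.base:X}", region.protect_name, region.type_name))
    return hits


if __name__ == "__main__":
    for base, prot, kind in triage(REPORT_DUMPS):
        print(f"{base}: {prot}, {kind}, not PE-backed")
```

Running it over the report's three dump names flags all three as RWX private non-PE regions; an executable, read-only MEM_IMAGE region (a normally mapped DLL) is not flagged, which is what the filter is for.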