
Windows Analysis Report
#U6837#U672c.jar

Overview

General Information

Sample Name: #U6837#U672c.jar
Analysis ID: 631576
MD5: 8a5f40cbc394e138255c6d1a775d6a26
SHA1: dc53deaa3b02534cead9e371010e00f91e229b50
SHA256: 6b96b0e9285822fb15c20d61ac65c9ba6028f423d5aaf7ebd4fa9fa9a435b838
Tags: jar

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Encrypted powershell cmdline option found
Exploit detected, runtime environment starts unknown processes
Very long command line found
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Queries the volume information (name, serial number etc) of a device
Drops PE files
Uses cacls to modify the permissions of files
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Compiles C# or VB.Net code
Found dropped PE file which has not been started or loaded
Creates a process in suspended mode (likely to inject code)
IP address seen in connection with other malware
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Enables debug privileges

Classification

  • System is w10x64
  • cmd.exe (PID: 6404 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\#U6837#U672c.jar"" >> C:\cmdlinestart.log 2>&1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
    • conhost.exe (PID: 6412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • java.exe (PID: 6460 cmdline: "C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\#U6837#U672c.jar" MD5: 28733BA8C383E865338638DF5196E6FE)
      • icacls.exe (PID: 6516 cmdline: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M MD5: FF0D1D4317A44C951240FAE75075D501)
        • conhost.exe (PID: 6524 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • powershell.exe (PID: 6608 cmdline: powershell.exe -EncodedCommand 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 MD5: DBA3E6449E97D4E3DF64527EF7012A10)
        • conhost.exe (PID: 6648 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • csc.exe (PID: 6884 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\yg5wq3iq\yg5wq3iq.cmdline MD5: 350C52F71BDED7B99668585C15D70EEA)
          • cvtres.exe (PID: 5776 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES3439.tmp" "c:\Users\user\AppData\Local\Temp\yg5wq3iq\CSC2B87B97A30754CA98C52C2EC748AF94C.TMP" MD5: C09985AE74F0882F208D75DE27770DFA)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: unknown | HTTPS traffic detected: 140.82.121.5:443 -> 192.168.2.3:49753 version: TLS 1.2

Software Vulnerabilities

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Source: Joe Sandbox View | JA3 fingerprint: d2935c58fe676744fecc8614ee5356c7
Source: Joe Sandbox View | IP Address: 140.82.121.5 140.82.121.5
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown | Network traffic detected: HTTP traffic on port 49753 -> 443
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/3
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/allow-java-encodings
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/continue-after-fatal-error
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/continue-after-fatal-error=
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/disallow-doctype-decl
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/generate-synthetic-annotations
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/generate-synthetic-annotations9
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/honour-all-schemaLocations
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/honour-all-schemaLocations;
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/internal/parser-settings
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/internal/tolerate-duplicates
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/internal/validation/schema/use-grammar-pool-only
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/internal/validation/schema/use-grammar-pool-only/
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/namespace-growth
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/nonvalidating/load-external-dtd
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/nonvalidating/load-external-dtd7
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/scanner/notify-builtin-refs
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/scanner/notify-builtin-refs6
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/scanner/notify-char-refs
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/scanner/notify-char-refs3
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/standard-uri-conformant
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/standard-uri-conformant2
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/validate-annotations
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/validation/balance-syntax-trees
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/validation/balance-syntax-treesyP1
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/validation/dynamic
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/validation/dynamicnal/xni
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/validation/schema
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/validation/schema-full-checking
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/validation/schema-full-checking=
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/validation/schema/augment-psvi
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/validation/schema/element-default
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/validation/schema/element-defaultA
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/validation/schema/normalized-value
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/validation/schema/normalized-valueB
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/validation/schema1
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/validation/warn-on-duplicate-attdef
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/validation/warn-on-duplicate-attdefD
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/validation/warn-on-undeclared-elemdef
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/validation/warn-on-undeclared-elemdef:
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/warn-on-duplicate-entitydef
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/xinclude
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/xinclude/fixup-base-uris
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/xinclude/fixup-language
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/features/xinclude7
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/D
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/input-buffer-size
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/internal/datatype-validator-factory
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/internal/datatype-validator-factory:
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/internal/document-scanner
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/internal/document-scanner7
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/internal/dtd-processor
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/internal/dtd-processor5
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/internal/dtd-scanner
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/internal/dtd-scanner8
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/internal/entity-manager
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/internal/entity-manager8
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/internal/entity-resolver
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/internal/entity-resolver7
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/internal/error-handler
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/internal/error-reporter
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/internal/error-reporter:
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/internal/grammar-pool
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/internal/grammar-pool6
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/internal/namespace-binder
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/internal/namespace-context
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/internal/stax-entity-resolver
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/internal/stax-entity-resolver=
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/internal/symbol-table
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/internal/symbol-tableQ
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/internal/validation-manager
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/internal/validation/schema/dv-factory
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/internal/validation/schema/dv-factory7
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/internal/validator/dtd
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/internal/validator/schema
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/internal/xinclude-handler
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/locale
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation?
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/schema/external-schemaLocation
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/schema/external-schemaLocation(
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/security-manager
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/properties/security-managerD
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://apache.org/xml/xmlschema/1.0/anonymousTypes
Source: java.exe, 00000002.00000002.517323221.0000000009FC5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://bugreport.sun.com/bugreport/
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html0
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.chambersign.org/chambersroot.crl
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.chambersign.org/chambersroot.crl0
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: java.exe, 00000002.00000002.517348175.0000000009FD5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://java.oracle.com/
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://java.sun.com/xml/dom/properties/
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://java.sun.com/xml/jaxp/properties/
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaLanguage
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaLanguage4
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaSource
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://java.sun.com/xml/schema/features/
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/8
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/ignore-external-dtd
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/reader-in-defined-state
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/report-cdata-event
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/xml/stream/properties/report-cdata-event0y
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/feature/secure-processing
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/feature/secure-processing&
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalDTD
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalDTD;
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalSchema
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://logback.qos.ch/codes.html
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://logback.qos.ch/codes.html#appender_order
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://logback.qos.ch/codes.html#block
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://logback.qos.ch/codes.html#earlier_fa_collision
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://logback.qos.ch/codes.html#ifJanino
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://logback.qos.ch/codes.html#ifJaninoLineNu
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://logback.qos.ch/codes.html#layoutInsteadOfEncoder
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://logback.qos.ch/codes.html#missingRightParenthesis
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://logback.qos.ch/codes.html#missingRightParenthesisonditio
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://logback.qos.ch/codes.html#null_CS
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://logback.qos.ch/codes.html#null_CSht
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://logback.qos.ch/codes.html#sat_missing_integer_token
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://logback.qos.ch/codes.html#sat_missing_integer_token3ch/q
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://logback.qos.ch/codes.html#tbr_fnp_not_set
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://logback.qos.ch/manual/
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.523754221.0000000015BF0000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.525290861.0000000016047000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://null.oracle.com/
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://policy.camerfirma.com
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://policy.camerfirma.com0
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/0
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0
Source: java.exe, 00000002.00000003.371284324.000000001A5CC000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.371614607.000000001A5CC000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.372007318.000000001A5CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.com
Source: java.exe, 00000002.00000003.372321347.000000001A5CC000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.372503883.000000001A5CC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.com8
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class2.crl
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class2.crl0
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class3P.crl
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.certplus.com/CRL/class3P.crl0
Source: java.exe, 00000002.00000002.519659828.000000000A78D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.chambersign.org
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.chambersign.org1
Source: java.exe, 00000002.00000003.366908558.000000001A529000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367867039.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367920213.000000001A529000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367555762.000000001A528000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comC
Source: java.exe, 00000002.00000003.366908558.000000001A529000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367555762.000000001A528000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.coms
Source: java.exe, 00000002.00000003.364008096.000000001A5D2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367125571.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.365417219.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364923911.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.363715049.000000001A5D2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364166636.000000001A529000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364685791.000000001A5CB000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367621099.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.363962074.000000001A529000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.365710903.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367540017.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.363573890.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.363600655.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364541190.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364989262.000000001A5BC000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367581782.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364257114.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367223930.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.365518800.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.363860163.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364348330.000000001A529000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn
Source: java.exe, 00000002.00000003.361639909.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361550071.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361715531.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361475761.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn//
Source: java.exe, 00000002.00000003.366377964.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.366327186.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.365988091.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cn/n
Source: java.exe, 00000002.00000003.366377964.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.366327186.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367463505.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367125571.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.365417219.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364685791.000000001A5CB000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367621099.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367540017.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364989262.000000001A5BC000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367581782.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367223930.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364803169.000000001A5CB000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.365988091.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.366575802.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367342649.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.365241372.000000001A5CB000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.founder.com.cn/cnm
Source: java.exe, 00000002.00000003.361324132.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361112768.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361054366.000000001A5D2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.360957466.000000001A5D2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361138940.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361344233.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/
Source: java.exe, 00000002.00000003.361386794.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361324132.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361112768.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361054366.000000001A5D2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.360957466.000000001A5D2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361475761.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361138940.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361344233.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.galapagosdesign.com/x
Source: java.exe, 00000002.00000003.379215569.000000001A50E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.386917865.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.381672244.000000001A50E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.382202087.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.384744761.000000001A528000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: java.exe, 00000002.00000003.386917865.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.381672244.000000001A50E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.382202087.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.384744761.000000001A528000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp//
Source: java.exe, 00000002.00000003.386917865.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.384744761.000000001A528000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/1
Source: java.exe, 00000002.00000003.379215569.000000001A50E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.386917865.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.381672244.000000001A50E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.382202087.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.384744761.000000001A528000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/F
Source: java.exe, 00000002.00000003.386917865.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.381672244.000000001A50E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.382202087.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.384744761.000000001A528000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/_
Source: java.exe, 00000002.00000003.386917865.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.384744761.000000001A528000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/jp//
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/feature/use-service-mechanism
Source: java.exe, 00000002.00000002.525463036.000000001619F000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.520518068.000000000A936000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/technetwork/java/javafx/index.html
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/Y
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/elementAttributeLimit
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityReplacementLimit
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/entityReplacementLimit9
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/getEntityCountInfo
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxElementDepth
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxElementDepthT
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxGeneralEntitySizeLimit
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxOccurLimit
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxParameterEntitySizeLimit
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxParameterEntitySizeLimith
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/maxXMLNameLimit
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/totalEntitySizeLimit
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/xmlSecurityPropertyManager
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.oracle.com/xml/jaxp/properties/xmlSecurityPropertyManagerx
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.quovadis.bm
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.quovadis.bm0
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.quovadisglobal.com/cps
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html
Source: java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html#StaticLoggerBinder
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html#loggerNameMismatch
Source: java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html#loggerNameMismatch4
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html#multiple_bindings
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html#no_static_mdc_binder
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html#no_static_mdc_binder-
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html#null_LF
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html#null_MDCA
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html#null_MDCAFile
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html#replay
Source: java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html#replayj
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html#substituteLogger
Source: java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html#substituteLoggerss
Source: java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html#substituteLoggerssss
Source: java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html#unsuccessfulInit
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html#unsuccessfulInit)
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html#version_mismatch
Source: java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.slf4j.org/codes.html#version_mismatchS
Source: java.exe, 00000002.00000003.366908558.000000001A529000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367867039.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367920213.000000001A529000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367555762.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.366575802.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.366792094.000000001A528000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.zhongyicts.com.cn
Source: java.exe, 00000002.00000003.366575802.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.zhongyicts.com.cno.
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/9
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/allow-dtd-events-after-endDTD
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/external-general-entities
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/external-general-entities7
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/external-parameter-entities
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/external-parameter-entities(
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/namespace-prefixes
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/namespaces
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/namespaces&
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/string-interning
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/features/validation
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/properties/
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/properties/declaration-handler
Source: java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/properties/declaration-handler&
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/properties/dom-node
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/properties/lexical-handler
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xml.org/sax/properties/xml-string
Source: java.exe, 00000002.00000002.523754221.0000000015BF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.github.com/repos/Col-E/Recaf/releases/latest
Source: java.exe, 00000002.00000002.517348175.0000000009FD5000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.525463036.000000001619F000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://col-e.github.io/Recaf-documentation/
Source: java.exe, 00000002.00000002.522356164.0000000014E60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://col-e.github.io/Recaf-documentation/onit
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Col-E/Recaf/issues/new/choose
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com
Source: java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://repo1.maven.org/maven2/org/openjfx/javafx-%s/%s/javafx-%s-%s
Source: java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://repo1.maven.org/maven2/org/openjfx/javafx-%s/%s/javafx-%s-%sssL
Source: java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://repo1.maven.org/maven2/org/openjfx/javafx-base/18-ea
Source: java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://repo1.maven.org/maven2/org/openjfx/javafx-controls/18-ea
Source: java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://repo1.maven.org/maven2/org/openjfx/javafx-graphics/18-ea
Source: java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://repo1.maven.org/maven2/org/openjfx/javafx-media/18-ea
Source: unknownDNS traffic detected: queries for: api.github.com
Source: unknownHTTPS traffic detected: 140.82.121.5:443 -> 192.168.2.3:49753 version: TLS 1.2
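The carved strings above are two different kinds of evidence from the network rows that follow them. Strings pulled from process memory show what the bundled code could reach (slf4j error-code pages, SAX feature URIs, Maven coordinates for JavaFX, an OCSP responder from a certificate), and several of them carry one or two bytes of heap junk after the real URL ("...Loggerss", "...com0", "...cno."). The DNS and HTTPS rows show what the process actually did: a single query for api.github.com, which is the host of the Recaf releases URL carved above. The Python helper below is an added example, not part of the Joe Sandbox report: it reduces a list of carved strings to distinct host names, folds the junk-tail variants into their clean form, and marks which hosts the sandbox saw resolved. The input list is constructed from rows on this page and the resolved-name set assumes only the api.github.com query the DNS row records; the MAX_JUNK fold threshold is the example's own heuristic.

```python
from urllib.parse import urlsplit

# Constructed input: a sample of the memory-carved strings listed above,
# including the variants that carry one or two bytes of heap junk after the
# URL, plus the one name the report's DNS row says was actually queried.
CARVED_STRINGS = [
    "http://www.slf4j.org/codes.html#substituteLogger",
    "http://www.slf4j.org/codes.html#substituteLoggerss",
    "http://www.slf4j.org/codes.html#version_mismatchS",
    "http://www.zhongyicts.com.cn",
    "http://www.zhongyicts.com.cno.",
    "http://xml.org/sax/features/external-general-entities",
    "http://xml.org/sax/features/external-general-entities7",
    "https://api.github.com/repos/Col-E/Recaf/releases/latest",
    "https://col-e.github.io/Recaf-documentation/",
    "https://col-e.github.io/Recaf-documentation/onit",
    "https://ocsp.quovadisoffshore.com",
    "https://ocsp.quovadisoffshore.com0",
    "https://repo1.maven.org/maven2/org/openjfx/javafx-%s/%s/javafx-%s-%s",
    "https://repo1.maven.org/maven2/org/openjfx/javafx-base/18-ea",
]
OBSERVED_DNS = {"api.github.com"}  # the only name in the report's DNS row

# Heuristic (this example's own): a carved host that equals another carved
# host plus at most this many trailing characters is treated as that host
# with heap junk appended, because every junk tail on the page is 1-2 bytes.
MAX_JUNK = 2


def carved_hosts(strings):
    """Reduce carved URL strings to the set of distinct host names they name."""
    raw = set()
    for s in strings:
        parts = urlsplit(s.strip())
        if parts.scheme in ("http", "https") and parts.hostname:
            raw.add(parts.hostname)
    # Shortest first, so the clean host is already in `clean` when its
    # junk-tailed variant comes up (ocsp.quovadisoffshore.com0 -> ...com).
    clean = set()
    for host in sorted(raw, key=len):
        if not any(host.startswith(c) and len(host) - len(c) <= MAX_JUNK for c in clean):
            clean.add(host)
    return clean


def classify(strings, dns_queries):
    """Split carved hosts into those the sandbox saw resolved and those it did not."""
    hosts = carved_hosts(strings)
    return {
        "resolved": sorted(h for h in hosts if h in dns_queries),
        "carved_only": sorted(h for h in hosts if h not in dns_queries),
    }


if __name__ == "__main__":
    for kind, hosts in classify(CARVED_STRINGS, OBSERVED_DNS).items():
        print(kind, hosts)
```

Run against the rows on this page, "resolved" contains only api.github.com; everything else in "carved_only" is a static artifact of the libraries inside the JAR and never became network traffic during the run.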

System Summary

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Process created: Commandline size = 2163
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Process created: Commandline size = 2163
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 6_2_07F18390
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 6_2_07F18390
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 6_2_07F10006
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 6_2_08458561
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 6_2_08458570
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 6_2_08475F10
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 6_2_084765C0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 6_2_08471570
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 6_2_08471580
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 6_2_08489DE0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 6_2_0848B1F0
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 6_2_0848A652
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 6_2_084897A3
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 6_2_07F10040
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 6_2_07F1BF20
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 6_2_07F1BF11
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 6_2_07F1BF1E
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Section loaded: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
Source: unknown | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\#U6837#U672c.jar"" >> C:\cmdlinestart.log 2>&1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe "C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\#U6837#U672c.jar"
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Source: C:\Windows\SysWOW64\icacls.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell.exe -EncodedCommand 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
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\yg5wq3iq\yg5wq3iq.cmdline
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES3439.tmp" "c:\Users\user\AppData\Local\Temp\yg5wq3iq\CSC2B87B97A30754CA98C52C2EC748AF94C.TMP"
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe "C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\#U6837#U672c.jar"
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell.exe -EncodedCommand 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
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\yg5wq3iq\yg5wq3iq.cmdline
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES3439.tmp" "c:\Users\user\AppData\Local\Temp\yg5wq3iq\CSC2B87B97A30754CA98C52C2EC748AF94C.TMP"
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6648:120:WilError_01
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6412:120:WilError_01
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6524:120:WilError_01
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | File created: C:\Users\user\AppData\Roaming\Recaf
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | File created: C:\Users\user\AppData\Local\Temp\hsperfdata_user
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Section loaded: C:\Program Files (x86)\Java\jre1.8.0_211\bin\client\jvm.dll
Source: java.exe | String found in binary or memory: sun/launcher/
Source: classification engine | Classification label: mal52.expl.evad.winJAR@14/10@1/2
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: #U6837#U672c.jar | Static file information: File size 39147646 > 1048576
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Code function: 2_2_0285D877 push 00000000h; mov dword ptr [esp], esp
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 6_2_08458FE0 push eax; retf
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Code function: 6_2_08458092 pushad ; ret
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\yg5wq3iq\yg5wq3iq.cmdline
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\yg5wq3iq\yg5wq3iq.cmdline
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | File created: C:\Users\user\AppData\Local\Temp\yg5wq3iq\yg5wq3iq.dll
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Process information set: NOOPENFILEERRORBOX (17 identical rows)
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX (78 identical rows)
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Process information set: NOOPENFILEERRORBOX (13 identical rows)
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 2465
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 801
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6808 | Thread sleep count: 2465 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6808 | Thread sleep count: 801 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6880 | Thread sleep count: 31 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6232 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\yg5wq3iq\yg5wq3iq.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information queried: ProcessInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
Source: java.exe, 00000002.00000003.246597794.0000000014E6F000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: com/sun/corba/se/impl/util/SUNVMCID.classPK
Source: java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: java/lang/VirtualMachineError
Source: java.exe, 00000002.00000003.246597794.0000000014E6F000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: &com/sun/corba/se/impl/util/SUNVMCID.classPK
Source: java.exe, 00000002.00000002.514236461.0000000002750000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: ,java/lang/VirtualMachineError
Source: java.exe, 00000002.00000002.514236461.0000000002750000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: |[Ljava/lang/VirtualMachineError;
Source: java.exe, 00000002.00000002.517348175.0000000009FD5000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: org/omg/CORBA/OMGVMCID
Source: java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: @com.sun.tools.attach.VirtualMachinendLin
Source: java.exe, 00000002.00000002.517348175.0000000009FD5000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.525463036.000000001619F000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: #com.sun.tools.attach.VirtualMachine
Source: java.exe, 00000002.00000003.246597794.0000000014E6F000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: org/omg/CORBA/OMGVMCID.classPK
Source: java.exe, 00000002.00000003.246597794.0000000014E6F000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: java/lang/VirtualMachineError.classPK
Source: java.exe, 00000002.00000002.525463036.000000001619F000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: W0(Lcom/sun/tools/attach/VirtualMachineDescriptor;)Lcom/sun/tools/attach/VirtualMachine;
Source: java.exe, 00000002.00000002.517348175.0000000009FD5000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: #com/sun/corba/se/impl/util/SUNVMCID
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Code function: 2_2_02850632 LdrInitializeThunk,LdrInitializeThunk,
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process token adjusted: Debug
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Memory protected: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Process created: Base64 decoded & {[Console]::OutputEncoding = [System.Text.Encoding]::UTF8Add-Type @"using System;using System.Runtime.InteropServices;public class Dir { [DllImport("shell32.dll")] private static extern int SHGetKnownFolderPath([MarshalAs(UnmanagedType.LPStruct)] Guid rfid, uint dwFlags, IntPtr hToken, out IntPtr pszPath); public static string GetKnownFolderPath(string rfid) { IntPtr pszPath; if (SHGetKnownFolderPath(new Guid(rfid), 0, IntPtr.Zero, out pszPath) != 0) return ""; string path = Marshal.PtrToStringUni(pszPath); Marshal.FreeCoTaskMem(pszPath); return path; }}"@[Dir]::GetKnownFolderPath("5E6C858F-0E22-4760-9AFE-EA3317B67173")[Dir]::GetKnownFolderPath("3EB685DB-65F9-4CF6-A03A-E3EF65729F3D")[Dir]::GetKnownFolderPath("F1B32785-6FBA-4FCF-9D55-7B8E7F157091")}
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Process created: Base64 decoded & {[Console]::OutputEncoding = [System.Text.Encoding]::UTF8Add-Type @"using System;using System.Runtime.InteropServices;public class Dir { [DllImport("shell32.dll")] private static extern int SHGetKnownFolderPath([MarshalAs(UnmanagedType.LPStruct)] Guid rfid, uint dwFlags, IntPtr hToken, out IntPtr pszPath); public static string GetKnownFolderPath(string rfid) { IntPtr pszPath; if (SHGetKnownFolderPath(new Guid(rfid), 0, IntPtr.Zero, out pszPath) != 0) return ""; string path = Marshal.PtrToStringUni(pszPath); Marshal.FreeCoTaskMem(pszPath); return path; }}"@[Dir]::GetKnownFolderPath("5E6C858F-0E22-4760-9AFE-EA3317B67173")[Dir]::GetKnownFolderPath("3EB685DB-65F9-4CF6-A03A-E3EF65729F3D")[Dir]::GetKnownFolderPath("F1B32785-6FBA-4FCF-9D55-7B8E7F157091")}
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell.exe -EncodedCommand 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
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell.exe -EncodedCommand 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
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe "C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\#U6837#U672c.jar"
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Process created: C:\Windows\SysWOW64\icacls.exe C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell.exe -EncodedCommand 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
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\yg5wq3iq\yg5wq3iq.cmdline
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES3439.tmp" "c:\Users\user\AppData\Local\Temp\yg5wq3iq\CSC2B87B97A30754CA98C52C2EC748AF94C.TMP"
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Program Files (x86)\Java\jre1.8.0_211\lib\fonts\LucidaBrightDemiBold.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Program Files (x86)\Java\jre1.8.0_211\lib\fonts\LucidaBrightDemiBold.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Program Files (x86)\Java\jre1.8.0_211\lib\fonts\LucidaBrightDemiItalic.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Program Files (x86)\Java\jre1.8.0_211\lib\fonts\LucidaBrightDemiItalic.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Program Files (x86)\Java\jre1.8.0_211\lib\fonts\LucidaBrightItalic.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Program Files (x86)\Java\jre1.8.0_211\lib\fonts\LucidaBrightItalic.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Program Files (x86)\Java\jre1.8.0_211\lib\fonts\LucidaBrightRegular.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Program Files (x86)\Java\jre1.8.0_211\lib\fonts\LucidaBrightRegular.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Program Files (x86)\Java\jre1.8.0_211\lib\fonts\LucidaSansDemiBold.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Program Files (x86)\Java\jre1.8.0_211\lib\fonts\LucidaSansDemiBold.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Program Files (x86)\Java\jre1.8.0_211\lib\fonts\LucidaSansRegular.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Program Files (x86)\Java\jre1.8.0_211\lib\fonts\LucidaSansRegular.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Program Files (x86)\Java\jre1.8.0_211\lib\fonts\LucidaTypewriterBold.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Program Files (x86)\Java\jre1.8.0_211\lib\fonts\LucidaTypewriterBold.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Program Files (x86)\Java\jre1.8.0_211\lib\fonts\LucidaTypewriterRegular.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Program Files (x86)\Java\jre1.8.0_211\lib\fonts\LucidaTypewriterRegular.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\GILSANUB.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\GILSANUB.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\GILLUBCD.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\GILLUBCD.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll | VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll | VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll | VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll | VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll | VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll | VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll | VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll | VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll | VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll | VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat | VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ | VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat | VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat | VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll | VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll | VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat | VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat | VolumeInformation
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Code function: 2_2_02850380 cpuid
Source: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
MITRE ATT&CK Matrix (one line per tactic; a technique flagged by the report's signatures carries the count prefix shown in the report, e.g. "1 PowerShell"; the remaining entries are the unflagged cells of the matrix)

Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts, Cloud Accounts, Replication Through Removable Media, External Remote Services
Execution: 112 Command and Scripting Interpreter, 1 Exploitation for Client Execution, 1 PowerShell, At (Windows), Cron, Launchd, Scheduled Task
Persistence: 1 Services File Permissions Weakness, Boot or Logon Initialization Scripts, Logon Script (Windows), Logon Script (Mac), Network Logon Script, Rc.common, Startup Items
Privilege Escalation: 11 Process Injection, 1 Services File Permissions Weakness, Logon Script (Windows), Logon Script (Mac), Network Logon Script, Rc.common, Startup Items
Defense Evasion: 1 Masquerading, 1 Disable or Modify Tools, 21 Virtualization/Sandbox Evasion, 11 Process Injection, 1 Deobfuscate/Decode Files or Information, 1 Obfuscated Files or Information, 1 Services File Permissions Weakness
Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS, LSA Secrets, Cached Domain Credentials, DCSync
Discovery: 1 Security Software Discovery, 1 Process Discovery, 21 Virtualization/Sandbox Evasion, 1 Application Window Discovery, 1 Remote System Discovery, 22 System Information Discovery, Network Sniffing
Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model, SSH, VNC, Windows Remote Management
Collection: 1 Archive Collected Data, Data from Removable Media, Data from Network Shared Drive, Input Capture, Keylogging, GUI Input Capture, Web Portal Capture
Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Scheduled Transfer, Data Transfer Size Limits, Exfiltration Over C2 Channel, Exfiltration Over Alternative Protocol
Command and Control: 12 Encrypted Channel, 1 Non-Application Layer Protocol, 2 Application Layer Protocol, Protocol Impersonation, Fallback Channels, Multiband Communication, Commonly Used Port
Network Effects: Eavesdrop on Insecure Network Communication, Exploit SS7 to Redirect Phone Calls/SMS, Exploit SS7 to Track Device Location, SIM Card Swap, Manipulate Device Communication, Jamming or Denial of Service, Rogue Wi-Fi Access Points
Remote Service Effects: Remotely Track Device Without Authorization, Remotely Wipe Data Without Authorization, Obtain Device Cloud Backups
Impact: Modify System Partition, Device Lockout, Delete Device Data, Carrier Billing Fraud, Manipulate App Store Rankings or Ratings, Abuse Accessibility Features, Data Encrypted for Impact
Behavior Graph
ID: 631576 | Sample: #U6837#U672c.jar | Start date: 21/05/2022 | Architecture: WINDOWS | Score: 52

Signatures attached to the graph root: Very long command line found; Encrypted powershell cmdline option found; Exploit detected, runtime environment starts unknown processes

Process tree with the network and file nodes of the graph:
cmd.exe
    java.exe
        network: api.github.com, 140.82.121.5, 443, 49753, GITHUBUS, United States
        network: 192.168.2.1, unknown, unknown
        signatures: Very long command line found; Encrypted powershell cmdline option found
        powershell.exe
            csc.exe
                dropped: C:\Users\user\AppData\Local\...\yg5wq3iq.dll (PE32)
                cvtres.exe
            conhost.exe
        icacls.exe
            conhost.exe
    conhost.exe
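The graph above shows java.exe spawning powershell.exe (with an "encrypted", in fact base64-encoded, command line) and icacls.exe, and powershell.exe in turn starting csc.exe and cvtres.exe, which is the on-disk footprint of Add-Type compiling inline C#. The Python below is an added example, not part of the Joe Sandbox report or of the analysed sample: it runs a small detector over constructed process-creation events modelled on that chain, decodes any -EncodedCommand argument (base64 over UTF-16LE text, so it can be read back without a key) and flags the unusual parent/child pairs and over-long command lines. The event layout, the PIDs of the PowerShell/csc chain, the placeholder payload, the icacls/csc/cvtres arguments and the 1024-character length threshold are assumptions; only the cmd.exe, conhost.exe and java.exe PIDs and images are taken from the report.

```python
"""Flag the java.exe -> powershell.exe -> csc.exe chain from process-creation events.

Added example, not part of the Joe Sandbox report or the analysed sample. The
events below are constructed in the style of Sysmon Event ID 1 records.
"""
import base64
import re
from dataclasses import dataclass
from typing import List, Optional

# Parent/child pairs that are rare on a workstation but appear in this report's
# behaviour graph. powershell.exe -> csc.exe -> cvtres.exe is what Add-Type
# compiling inline C# looks like in process telemetry.
SUSPICIOUS_PAIRS = {
    ("java.exe", "powershell.exe"),
    ("java.exe", "icacls.exe"),
    ("powershell.exe", "csc.exe"),
    ("csc.exe", "cvtres.exe"),
}

# Assumption: what this detector treats as a "very long command line".
LONG_CMDLINE = 1024

# powershell.exe accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...).
ENCODED_FLAG = re.compile(
    r"(?i)(?:^|\s)-(?:encodedcommand|encodedc|encoded|encode|encod|enco|enc|ec|e)\s+([A-Za-z0-9+/=]+)"
)


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full image path
    cmdline: str


def basename(path: str) -> str:
    """Lower-cased file name of a Windows image path."""
    return path.rsplit("\\", 1)[-1].lower()


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the script passed via -EncodedCommand, or None if there is none.

    The payload is base64 over UTF-16LE text; it is encoded, not encrypted.
    """
    m = ENCODED_FLAG.search(cmdline)
    if not m:
        return None
    b64 = m.group(1)
    b64 += "=" * (-len(b64) % 4)          # tolerate stripped padding
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze(events: List[ProcEvent]) -> List[str]:
    """Run the three checks over a batch of events and return readable findings."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        child = basename(e.image)
        parent = by_pid.get(e.ppid)
        if parent is not None:
            pair = (basename(parent.image), child)
            if pair in SUSPICIOUS_PAIRS:
                findings.append(f"suspicious parent/child: {pair[0]} -> {pair[1]} (pid {e.pid})")
        if len(e.cmdline) >= LONG_CMDLINE:
            findings.append(f"very long command line ({len(e.cmdline)} chars) in pid {e.pid}")
        decoded = decode_encoded_command(e.cmdline)
        if decoded is not None:
            findings.append(f"encoded PowerShell in pid {e.pid}: {decoded!r}")
    return findings


# Constructed sample events. PLACEHOLDER_SCRIPT stands in for the real payload,
# which the report does not reproduce; the PIDs below 7000 come from the report.
PLACEHOLDER_SCRIPT = "Write-Host 'placeholder payload'"
ENCODED = base64.b64encode(PLACEHOLDER_SCRIPT.encode("utf-16-le")).decode("ascii")
JAVA = r"C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe"
JAR = r"C:\Users\user\Desktop\#U6837#U672c.jar"
POWERSHELL_CMDLINE = "powershell.exe -NoProfile -enc " + ENCODED
EVENTS = [
    ProcEvent(6404, 1, r"C:\Windows\system32\cmd.exe", 'cmd.exe /c ""' + JAVA + '" -jar "' + JAR + '""'),
    ProcEvent(6412, 6404, r"C:\Windows\system32\conhost.exe", "conhost.exe 0xffffffff -ForceV1"),
    ProcEvent(6460, 6404, JAVA, '"' + JAVA + '" -jar "' + JAR + '"'),
    ProcEvent(7000, 6460, r"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe", POWERSHELL_CMDLINE),
    ProcEvent(7010, 6460, r"C:\Windows\SysWOW64\icacls.exe", "icacls.exe <constructed arguments>"),
    ProcEvent(7020, 7000, r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe",
              "csc.exe /noconfig /fullpaths @placeholder.cmdline"),
    ProcEvent(7030, 7020, r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe",
              "cvtres.exe <constructed arguments>"),
    ProcEvent(4000, 1, r"C:\Windows\explorer.exe", "explorer.exe"),          # benign control
    ProcEvent(4100, 4000, r"C:\Windows\System32\notepad.exe", "notepad.exe"),
]

if __name__ == "__main__":
    for line in analyze(EVENTS):
        print(line)
```

The detector keys on parent/child relationships rather than on the payload, so it still fires when the encoded script changes; decoding the -EncodedCommand value is there for triage, not for the verdict.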

Source | Detection | Scanner | Label | Link
#U6837#U672c.jar | 0% | Virustotal | | Browse
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label
http://www.chambersign.org1 | 0% | URL Reputation | safe
http://java.sun.com/xml/dom/properties/ | 0% | URL Reputation | safe
http://www.jiyu-kobo.co.jp/1 | 0% | URL Reputation | safe
http://www.jiyu-kobo.co.jp// | 0% | URL Reputation | safe
http://www.zhongyicts.com.cn | 0% | URL Reputation | safe
https://col-e.github.io/Recaf-documentation/ | 0% | Avira URL Cloud | safe
http://policy.camerfirma.com0 | 0% | URL Reputation | safe
http://java.sun.com/xml/stream/properties/ignore-external-dtd | 0% | URL Reputation | safe
http://www.certplus.com/CRL/class2.crl | 0% | URL Reputation | safe
http://bugreport.sun.com/bugreport/ | 0% | URL Reputation | safe
http://java.sun.com/xml/stream/properties/report-cdata-event0y | 0% | Avira URL Cloud | safe
http://www.jiyu-kobo.co.jp/F | 0% | URL Reputation | safe
http://java.sun.com/xml/stream/properties/8 | 0% | Avira URL Cloud | safe
http://cps.chambersign.org/cps/chambersroot.html | 0% | URL Reputation | safe
http://www.certplus.com/CRL/class3P.crl | 0% | URL Reputation | safe
http://crl.securetrust.com/STCA.crl | 0% | URL Reputation | safe
http://javax.xml.XMLConstants/property/accessExternalDTD; | 0% | URL Reputation | safe
http://www.jiyu-kobo.co.jp/_ | 0% | URL Reputation | safe
http://javax.xml.XMLConstants/property/ | 0% | URL Reputation | safe
http://java.sun.com/xml/stream/properties/reader-in-defined-state | 0% | URL Reputation | safe
http://www.carterandcone.com8 | 0% | URL Reputation | safe
http://www.galapagosdesign.com/x | 0% | Avira URL Cloud | safe
http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl | 0% | URL Reputation | safe
http://javax.xml.XMLConstants/property/accessExternalDTD | 0% | URL Reputation | safe
http://www.founder.com.cn/cn | 0% | URL Reputation | safe
http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace | 0% | URL Reputation | safe
http://www.quovadis.bm | 0% | URL Reputation | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
api.github.com | 140.82.121.5 | true | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
http://apache.org/xml/features/validation/schema/augment-psvi | java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://apache.org/xml/properties/input-buffer-size | java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.chambersign.org1 | java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://apache.org/xml/features/standard-uri-conformant2 | java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://repository.swisssign.com/0 | java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://apache.org/xml/properties/schema/external-schemaLocation( | java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://logback.qos.ch/manual/ | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://apache.org/xml/properties/internal/entity-manager | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://apache.org/xml/properties/internal/symbol-tableQ | java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://apache.org/xml/features/internal/parser-settings | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://apache.org/xml/properties/internal/document-scanner7 | java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://java.sun.com/xml/dom/properties/ | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://apache.org/xml/properties/internal/stax-entity-resolver | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://apache.org/xml/features/3 | java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.jiyu-kobo.co.jp/1 | java.exe, 00000002.00000003.386917865.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.384744761.000000001A528000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://apache.org/xml/features/xinclude/fixup-base-uris | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.jiyu-kobo.co.jp// | java.exe, 00000002.00000003.386917865.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.381672244.000000001A50E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.382202087.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.384744761.000000001A528000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://apache.org/xml/properties/internal/error-reporter | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.slf4j.org/codes.html#multiple_bindings | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://repo1.maven.org/maven2/org/openjfx/javafx-%s/%s/javafx-%s-%s | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.zhongyicts.com.cn | java.exe, 00000002.00000003.366908558.000000001A529000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367867039.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367920213.000000001A529000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367555762.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.366575802.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.366792094.000000001A528000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://apache.org/xml/features/scanner/notify-char-refs | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://logback.qos.ch/codes.html#sat_missing_integer_token | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.slf4j.org/codes.html#null_MDCAFile | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://col-e.github.io/Recaf-documentation/ | java.exe, 00000002.00000002.517348175.0000000009FD5000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.525463036.000000001619F000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://policy.camerfirma.com0 | java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://apache.org/xml/features/validation/schema/normalized-valueB | java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://java.sun.com/xml/stream/properties/ignore-external-dtd | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://apache.org/xml/features/continue-after-fatal-error | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://apache.org/xml/features/standard-uri-conformant | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://apache.org/xml/properties/internal/document-scanner | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.certplus.com/CRL/class2.crl | java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://bugreport.sun.com/bugreport/ | java.exe, 00000002.00000002.517323221.0000000009FC5000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://java.oracle.com/ | java.exe, 00000002.00000002.517348175.0000000009FD5000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://logback.qos.ch/codes.html#block | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://apache.org/xml/features/ | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://java.sun.com/xml/stream/properties/report-cdata-event0y | java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.jiyu-kobo.co.jp/F | java.exe, 00000002.00000003.379215569.000000001A50E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.386917865.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.381672244.000000001A50E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.382202087.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.384744761.000000001A528000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://apache.org/xml/features/generate-synthetic-annotations | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.slf4j.org/codes.html#unsuccessfulInit) | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://java.sun.com/xml/stream/properties/8 | java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://xml.org/sax/features/allow-dtd-events-after-endDTD | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://cps.chambersign.org/cps/chambersroot.html | java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.certplus.com/CRL/class3P.crl | java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.slf4j.org/codes.html#substituteLogger | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://apache.org/xml/features/internal/validation/schema/use-grammar-pool-only | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://crl.securetrust.com/STCA.crl | java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://apache.org/xml/properties/internal/namespace-binder | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://javax.xml.XMLConstants/property/accessExternalDTD; | java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://logback.qos.ch/codes.html#earlier_fa_collision | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://apache.org/xml/features/scanner/notify-builtin-refs6 | java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://apache.org/xml/properties/security-manager | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.slf4j.org/codes.html#substituteLoggerssss | java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.jiyu-kobo.co.jp/_ | java.exe, 00000002.00000003.386917865.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.381672244.000000001A50E000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.382202087.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.384744761.000000001A528000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://logback.qos.ch/codes.html#layoutInsteadOfEncoder | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://apache.org/xml/features/xinclude | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://logback.qos.ch/codes.html | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://apache.org/xml/features/validation/schema-full-checking | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://javax.xml.XMLConstants/property/ | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.slf4j.org/codes.html#unsuccessfulInit | java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://apache.org/xml/properties/internal/dtd-scanner8 | java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://github.com/Col-E/Recaf/issues/new/choose | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://repo1.maven.org/maven2/org/openjfx/javafx-controls/18-ea | java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://apache.org/xml/properties/internal/grammar-pool | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://java.sun.com/xml/stream/properties/reader-in-defined-state | java.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://repo1.maven.org/maven2/org/openjfx/javafx-media/18-ea | java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmp | false | | high
                                                                                                  http://www.quovadisglobal.com/cps0java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://www.carterandcone.com8java.exe, 00000002.00000003.372321347.000000001A5CC000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.372503883.000000001A5CC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    unknown
                                                                                                    http://www.galapagosdesign.com/xjava.exe, 00000002.00000003.361386794.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361324132.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361112768.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361054366.000000001A5D2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.360957466.000000001A5D2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361475761.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361138940.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.361344233.000000001A5D3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    http://www.slf4j.org/codes.html#null_MDCAjava.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crljava.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      http://www.slf4j.org/codes.html#replayjjava.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://apache.org/xml/features/allow-java-encodingsjava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://apache.org/xml/properties/internal/datatype-validator-factory:java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://www.oracle.com/feature/use-service-mechanismjava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://www.slf4j.org/codes.html#replayjava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://javax.xml.XMLConstants/property/accessExternalDTDjava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                http://apache.org/xml/xmlschema/1.0/anonymousTypesjava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://apache.org/xml/features/validation/schema/normalized-valuejava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://apache.org/xml/features/xinclude/fixup-languagejava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://logback.qos.ch/codes.html#null_CShtjava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://www.quovadisglobal.com/cpsjava.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://www.founder.com.cn/cnjava.exe, 00000002.00000003.364008096.000000001A5D2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367125571.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.365417219.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364923911.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.363715049.000000001A5D2000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364166636.000000001A529000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364685791.000000001A5CB000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367621099.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.363962074.000000001A529000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.365710903.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367540017.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.363573890.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.363600655.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364541190.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364989262.000000001A5BC000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367581782.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364257114.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.367223930.000000001A5D3000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.365518800.000000001A528000.00000004.00000800.00020000.00000000.sdmp, 
java.exe, 00000002.00000003.363860163.000000001A528000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000003.364348330.000000001A529000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespacejava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          https://api.github.com/repos/Col-E/Recaf/releases/latestjava.exe, 00000002.00000002.523754221.0000000015BF0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://repo1.maven.org/maven2/org/openjfx/javafx-%s/%s/javafx-%s-%sssLjava.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://xml.org/sax/properties/declaration-handlerjava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://apache.org/xml/features/xinclude7java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://apache.org/xml/properties/internal/symbol-tablejava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518121191.000000000A45C000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://www.slf4j.org/codes.html#loggerNameMismatch4java.exe, 00000002.00000002.522980248.0000000015470000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://apache.org/xml/features/validation/balance-syntax-treesyP1java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://apache.org/xml/properties/security-managerDjava.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://apache.org/xml/properties/Djava.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://www.slf4j.org/codes.htmljava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://repo1.maven.org/maven2/org/openjfx/javafx-graphics/18-eajava.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://www.quovadis.bmjava.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                • URL Reputation: safe
                                                                                                                                                unknown
                                                                                                                                                http://xml.org/sax/features/9java.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://apache.org/xml/features/validation/dynamicnal/xnijava.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://www.slf4j.org/codes.html#version_mismatchjava.exe, 00000002.00000002.522522699.0000000014F1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
IP | Domain | Country | ASN | ASN Name | Malicious
140.82.121.5 | api.github.com | United States | 36459 | GITHUBUS | false
IP
192.168.2.1
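The URL table above is scraped from process memory, so most entries are string constants carried by bundled libraries and several carry trailing bytes from the dump (cps0 beside cps, carterandcone.com8, #replayj beside #replay). Only api.github.com also appears in the contacted-IP table, which is the difference an analyst actually cares about when pulling indicators from a report like this. The following is an added example, not Joe Sandbox code: it parses rows in the flattened form shown above (URL, then the Source cells, then the Malicious flag) and marks each host as contacted or string-only. It assumes the Source cells always begin with one of the process image names from the report's process tree (java.exe here) and uses a handful of rows copied from this page as input; the contacted-host mapping is taken from the IP table above.

```python
"""Turn the flattened URL table of a Joe Sandbox report into IOC rows and
separate string-only URLs from hosts the sample actually contacted."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Process image names from this report's process tree. Every Source cell
# starts with one of them, so they mark where the URL text ends.
PROCESSES = ("java.exe", "cmd.exe", "conhost.exe", "powershell.exe")

# One memory-dump reference as Joe Sandbox prints it, e.g.
# 00000002.00000002.523754221.0000000015BF0000.00000004.00000800.00020000.00000000.sdmp
DUMP_REF = r"\d{8}\.\d{8}\.\d+\.[0-9A-Fa-f]{16}(?:\.\d{8}){4}\.sdmp"
PROC_ALT = "|".join(map(re.escape, PROCESSES))

# Name (non-greedy, stops at the first "<process>, <dump>"), Source cells, Malicious flag.
ROW_RE = re.compile(
    rf"^(?P<url>https?://.*?)"
    rf"(?P<sources>(?:(?:{PROC_ALT}), {DUMP_REF}(?:, )?)+)"
    rf"(?P<malicious>true|false)$"
)

# Rows copied from the report above (real report content, not constructed).
URL_ROWS = [
    "https://api.github.com/repos/Col-E/Recaf/releases/latestjava.exe, 00000002.00000002.523754221.0000000015BF0000.00000004.00000800.00020000.00000000.sdmpfalse",
    "http://www.slf4j.org/codes.html#replayjava.exe, 00000002.00000002.523148286.0000000015555000.00000004.00000800.00020000.00000000.sdmp, java.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmpfalse",
    "http://www.quovadisglobal.com/cps0java.exe, 00000002.00000002.519294245.000000000A5A4000.00000004.00000800.00020000.00000000.sdmpfalse",
    "https://repo1.maven.org/maven2/org/openjfx/javafx-controls/18-eajava.exe, 00000002.00000002.518012392.000000000A3C2000.00000004.00000800.00020000.00000000.sdmpfalse",
]

# Domain -> IP from the report's contacted-IP table.
CONTACTED = {"api.github.com": "140.82.121.5"}


def parse_row(row: str) -> dict:
    """Split one flattened table row into URL, host, dump references and flag.
    Trailing scrape noise in the URL (e.g. 'cps0') is kept: the table cannot
    tell it apart from a genuine path, so it must not be silently 'fixed'."""
    m = ROW_RE.match(row.strip())
    if not m:
        raise ValueError(f"unparseable row: {row[:60]!r}")
    return {
        "url": m["url"],
        "host": urlsplit(m["url"]).hostname,
        "dumps": re.findall(DUMP_REF, m["sources"]),
        "malicious": m["malicious"] == "true",
    }


def summarize(rows, contacted) -> dict:
    """Group parsed rows by host and mark which hosts have network evidence
    (a row in the contacted-IP table) rather than only a string in memory."""
    by_host = defaultdict(lambda: {"urls": [], "dumps": set(), "contacted": False})
    for r in map(parse_row, rows):
        entry = by_host[r["host"]]
        entry["urls"].append(r["url"])
        entry["dumps"].update(r["dumps"])
        entry["contacted"] = r["host"] in contacted
    return dict(by_host)


if __name__ == "__main__":
    for host, info in sorted(summarize(URL_ROWS, CONTACTED).items()):
        kind = "CONTACTED " + CONTACTED[host] if info["contacted"] else "string-only"
        print(f"{host:28} {kind:26} dumps={len(info['dumps'])} urls={len(info['urls'])}")
```

Rows that fail to match raise rather than being skipped, so a changed report layout is noticed instead of silently dropping indicators; in this report every Source cell names java.exe, so a second sample would need its own PROCESSES tuple.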
Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 631576
Start date and time: 2022-05-21 15:25:21 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 10m 34s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: #U6837#U672c.jar
Cookbook file name: defaultwindowsfilecookbook.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 31
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• GSI enabled (Java)
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal52.expl.evad.winJAR@14/10@1/2
EGA Information:
• Successful, ratio: 50%
HDC Information: Failed
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .jar
• Adjust boot time
• Enable AMSI
• Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
• Excluded IPs from analysis (whitelisted): 23.211.6.115
• Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, fs.microsoft.com, login.live.com, store-images.s-microsoft.com, sls.update.microsoft.com, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
• Not all processes were analyzed; the report is missing behavior information
• Reached maximum number of files to list during submission archive extraction
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadFile calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description
15:26:49 | API Interceptor | 33x Sleep call for process: powershell.exe modified
Process: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 57
Entropy (8bit): 4.827903829688524
Encrypted: false
SSDEEP: 3:oFj4I5vpN6yUcXR:oJ5X6yrR
MD5: 9807D9BB8842C220C57C4431929E7786
SHA1: 493505806DA9425ECB568E4B1347A5EEA2DB7120
SHA-256: BBD5E4CB1EC712EB8011AC4CCBFE733C228F89D6B0D6E4DE024A7AE6A089A2E4
SHA-512: 3149DA5FE1CB406F6594D44880A3B51A7369CE9F0B40FC63C8C3F8C0D8DBE27871F2076927CF136178ED5DFB20C1D8478703696D948CD4C3A81981FC43C229FF
Malicious: false
Reputation: low
Preview: C:\Program Files (x86)\Java\jre1.8.0_211..1653171985865..

Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
File Type: Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x492, 9 symbols
Category: dropped
Size (bytes): 1336
Entropy (8bit): 4.035709788527701
Encrypted: false
SSDEEP: 24:H1Mm9BgqUKt4UhHyhK8qQfII+ycuZhNT2akSinPNnq9Sd:VYqUooK8qQg1ulya32q9C
MD5: A148D6FDA96214F9B2EA33605BEACD70
SHA1: A04452E476E0270764374B2C8FDEC34AF6827E2B
SHA-256: 8D466C2AA799B8354A195746959BCEBF16535E00EB166D992B6AD5367D88656A
SHA-512: 345B16B5228779D5BD53DEC5A9DFA411A95C01917A23F68E4ECDA00E6525057E6D7ABF869688A2D25895FAFEEA92F8CE26987A30F6616B7B75BBA2390BFD5AF3
Malicious: false
Reputation: low
Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: very short file (no magic)
Category: dropped
Size (bytes): 1
Entropy (8bit): 0.0
Encrypted: false
SSDEEP: 3:U:U
MD5: C4CA4238A0B923820DCC509A6F75849B
SHA1: 356A192B7913B04C54574D18C28D46E6395428AB
SHA-256: 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512: 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious: false
Preview: 1

Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: very short file (no magic)
Category: dropped
Size (bytes): 1
Entropy (8bit): 0.0
Encrypted: false
SSDEEP: 3:U:U
MD5: C4CA4238A0B923820DCC509A6F75849B
SHA1: 356A192B7913B04C54574D18C28D46E6395428AB
SHA-256: 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512: 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious: false
Preview: 1

Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
File Type: MSVC .res
Category: dropped
Size (bytes): 652
Entropy (8bit): 3.1169929164642958
Encrypted: false
SSDEEP: 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryp2ak7YnqqinPN5Dlq5J:+RI+ycuZhNT2akSinPNnqX
MD5: B39EEAD6B4F938332DE8B04947C738F3
SHA1: 90A646BC64B528E813FE96BCC908929413A07C1C
SHA-256: 7A7446DA5CD69D0CCD3821D00C9BBA87BFB8E9C3A49373B55BA305088245F045
SHA-512: 1DC0FB3B8E46EEEEEA305B0C2EA51CD5BF4ED5D1F8A77B946F33B9A59FA73193D45B91A1CEFF9EDA981A659735A4BF3E49505B72495A90600E00EAC95BF968B0
Malicious: false
Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: UTF-8 Unicode (with BOM) text
Category: dropped
Size (bytes): 526
Entropy (8bit): 5.028337668210565
Encrypted: false
SSDEEP: 12:V/DTLDCcCUDMhFV8FkrWedKJyyepmLyJuMFoqxGMRyuMlPxAwZ:JjCUQhFVIkr7dKcoMbg3pSa
MD5: 19CF785FBC390F5627236A4B664E3467
SHA1: 917D102DA7222D6A0477F3932C1D9014601CA71C
SHA-256: 35D145E5758625B5CCE58AAC031766C6816C0971DD8A0F4240E7A791DBEC24B3
SHA-512: C069FD68DB3B30C18612E21052E94FA48DBA7F8F624E513FCB938D79E7722A38CAB5C2F2DD5D309F01F14C2565EBFBFC4D0EA6A3A078B0DC685B6BBEC77DD649
Malicious: false
Preview: .using System;.using System.Runtime.InteropServices;.public class Dir {. [DllImport("shell32.dll")]. private static extern int SHGetKnownFolderPath([MarshalAs(UnmanagedType.LPStruct)] Guid rfid, uint dwFlags, IntPtr hToken, out IntPtr pszPath);. public static string GetKnownFolderPath(string rfid) {. IntPtr pszPath;. if (SHGetKnownFolderPath(new Guid(rfid), 0, IntPtr.Zero, out pszPath) != 0) return "";. string path = Marshal.PtrToStringUni(pszPath);. Marshal.FreeCoTaskMem(pszPath);. return path;. }.}

Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 369
Entropy (8bit): 5.296830160656425
Encrypted: false
SSDEEP: 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2WXp+N23fXHotzxs7+AEszIWXp+N23fXHoI:p37Lvkmb6KH/EWZE8/B
MD5: A1A9DB7428D587F2C624ED03C7526E1A
SHA1: F23D229D9DB29099AA3ADB9A163644B705650650
SHA-256: 98E03380BE01F3EC152A6185C7A96685E408117C354CEF2D88A3E3F8D1629301
SHA-512: 3925E745B41D2E7AE23DFEE4A66995317F2325300F01EBC62E0EDD5D07931D0CB165B7D0AA4FE4A7F3E5F938E2788553C54FC047042EF748A39FB378DA8956F6
Malicious: false
Preview: ./t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\yg5wq3iq\yg5wq3iq.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\yg5wq3iq\yg5wq3iq.0.cs"

Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
File Type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category: dropped
Size (bytes): 3584
Entropy (8bit): 2.963448374201066
Encrypted: false
SSDEEP: 24:etGSq8Jm042x/g0P2r7qsIpkjVWtkZfUhuvtDBWI+ycuZhNT2akSinPNnq:6r/p/g0+r7nIKjXJUh8k1ulya32q
MD5: 4ADB51274F834A8289CDF76649556F88
SHA1: 7F94C451FBF6400E2FBE945F2EECD55194CB4A91
SHA-256: 6DB454846F2DB38AD9D73774B344A6BAEAC88E8278177621D3BFD55EB6D59E07
SHA-512: 630E04AE66DC8BED89C97757595AFCE6BA048FE451C2B34F0BE2B145371F148AF8CEE1D6CD157412C034E05B49E86FB8A8393F1A94D34E2AED21DC585BD1D9A8
Malicious: false
Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, CR line terminators
Category: modified
Size (bytes): 875
Entropy (8bit): 5.364905368698609
Encrypted: false
SSDEEP: 24:T8qd3ka6KHdE8MKaM5DqBVKVrdFAMBJTH:T8ika6AdE8MKxDcVKdBJj
MD5: 9346179170AF140C124537A812D09A66
SHA1: 3E9AEF263FEF3CAA9207A53A56E17DAD16002CA6
SHA-256: 56CEFFE748EB3F758B2BAB9BE29C95F30192C7154ED976EE7BCC25CEBA1BD95E
SHA-512: 72A6EBA1D1A4A5C5A8F9A7CCB30A42D8BC8EBDFA94972AA38ADBB1CAC14E0B06AEAC7851C581DC453B98F9C632F4A7531436562052837A3B7CF32154ECEA41D3
Malicious: false
Preview: .C:\Program Files (x86)\AutoIt3> "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\yg5wq3iq\yg5wq3iq.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\yg5wq3iq\yg5wq3iq.0.cs"......Microsoft (R) Visual C# Compiler version 4.7.3056.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....

Process: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe
File Type: data
Category: dropped
Size (bytes): 45
Entropy (8bit): 0.9111711733157262
Encrypted: false
SSDEEP: 3:/lwlt7n:WNn
MD5: C8366AE350E7019AEFC9D1E6E6A498C6
SHA1: 5731D8A3E6568A5F2DFBBC87E3DB9637DF280B61
SHA-256: 11E6ACA8E682C046C83B721EEB5C72C5EF03CB5936C60DF6F4993511DDC61238
SHA-512: 33C980D5A638BFC791DE291EBF4B6D263B384247AB27F261A54025108F2F85374B579A026E545F81395736DD40FA4696F2163CA17640DD47F1C42BC9971B18CD
Malicious: false
Preview: ........................................J2SE.

File type: Zip archive data, at least v2.0 to extract
Entropy (8bit): 7.981311953832744
TrID:
• Java Archive (13504/1) 62.80%
• ZIP compressed archive (8000/1) 37.20%
File name: #U6837#U672c.jar
File size: 39147646
MD5: 8a5f40cbc394e138255c6d1a775d6a26
SHA1: dc53deaa3b02534cead9e371010e00f91e229b50
SHA256: 6b96b0e9285822fb15c20d61ac65c9ba6028f423d5aaf7ebd4fa9fa9a435b838
SHA512: 7b8ef2bde2424c9590dd010a55b6030a934ebd1e680f36d173edfb16f8202ad48319a160290ad95f56cc44b9765eb875291594d9cee259558a30b78879990d51
SSDEEP: 786432:961qso+SsvZmE1oUEvkHPnWMK54+S64GCdXY1vJbaFwm/06P:961qdAvZnaUgcxK5IfdX+vJbiwm/00
TLSH: A9872277A0CC1435EE77D132C4866827792D87E8E04B306A39F45797A9B7C8D87133AA
                                                                                                                                                      File Content Preview:PK........3/AT3^..............META-INF/MANIFEST.MF}..j.0.D....~@jK)....K....."..%...d..}-.....h.......}...'$...z0.e.rN...X....Lf'....w.{.`..).!l.L....B-R..........4......l.......,...y............,5f......F6.z...3..3.d....86A.Ky=...Ww..=l....G@.N.O..i.....
                                                                                                                                                      Icon Hash:d28c8e8ea2868ad6
TCP packets

Timestamp                             Source Port  Dest Port  Source IP     Dest IP
May 21, 2022 15:27:05.963943005 CEST  49753        443        192.168.2.3   140.82.121.5
May 21, 2022 15:27:05.964004993 CEST  443          49753      140.82.121.5  192.168.2.3
May 21, 2022 15:27:05.964145899 CEST  49753        443        192.168.2.3   140.82.121.5
May 21, 2022 15:27:06.391479969 CEST  49753        443        192.168.2.3   140.82.121.5
May 21, 2022 15:27:06.391537905 CEST  443          49753      140.82.121.5  192.168.2.3
May 21, 2022 15:27:06.441927910 CEST  443          49753      140.82.121.5  192.168.2.3
May 21, 2022 15:27:06.442137003 CEST  49753        443        192.168.2.3   140.82.121.5
May 21, 2022 15:27:06.604085922 CEST  49753        443        192.168.2.3   140.82.121.5
May 21, 2022 15:27:06.604150057 CEST  443          49753      140.82.121.5  192.168.2.3
May 21, 2022 15:27:06.604674101 CEST  443          49753      140.82.121.5  192.168.2.3
May 21, 2022 15:27:06.604759932 CEST  49753        443        192.168.2.3   140.82.121.5
May 21, 2022 15:27:06.605456114 CEST  49753        443        192.168.2.3   140.82.121.5
May 21, 2022 15:27:06.605485916 CEST  443          49753      140.82.121.5  192.168.2.3
UDP packets

Timestamp                             Source Port  Dest Port  Source IP    Dest IP
May 21, 2022 15:27:05.919822931 CEST  57421        53         192.168.2.3  8.8.8.8
May 21, 2022 15:27:05.940073967 CEST  53           57421      8.8.8.8      192.168.2.3
DNS queries

Timestamp                             Source IP    Dest IP  Trans ID  OP Code             Name            Type            Class
May 21, 2022 15:27:05.919822931 CEST  192.168.2.3  8.8.8.8  0xe8c0    Standard query (0)  api.github.com  A (IP address)  IN (0x0001)
DNS answers

Timestamp                             Source IP  Dest IP      Trans ID  Reply Code    Name            CName  Address       Type            Class
May 21, 2022 15:27:05.940073967 CEST  8.8.8.8    192.168.2.3  0xe8c0    No error (0)  api.github.com         140.82.121.5  A (IP address)  IN (0x0001)


Target ID: 0
Start time: 15:26:22
Start date: 21/05/2022
Path: C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit): true
Commandline: C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\#U6837#U672c.jar"" >> C:\cmdlinestart.log 2>&1
Imagebase: 0xc20000
File size: 232960 bytes
MD5 hash: F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

Target ID: 1
Start time: 15:26:23
Start date: 21/05/2022
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7c9170000
File size: 625664 bytes
MD5 hash: EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

Target ID: 2
Start time: 15:26:23
Start date: 21/05/2022
Path: C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe
Wow64 process (32bit): true
Commandline: "C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\#U6837#U672c.jar"
Imagebase: 0x1200000
File size: 192376 bytes
MD5 hash: 28733BA8C383E865338638DF5196E6FE
Has elevated privileges: true
Has administrator privileges: true
Programmed in: Java
Reputation: high

Target ID: 3
Start time: 15:26:26
Start date: 21/05/2022
Path: C:\Windows\SysWOW64\icacls.exe
Wow64 process (32bit): true
Commandline: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Imagebase: 0xbc0000
File size: 29696 bytes
MD5 hash: FF0D1D4317A44C951240FAE75075D501
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

Target ID: 4
Start time: 15:26:26
Start date: 21/05/2022
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7c9170000
File size: 625664 bytes
MD5 hash: EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

Target ID: 6
Start time: 15:26:28
Start date: 21/05/2022
Path: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit): true
Commandline: powershell.exe -EncodedCommand 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
Imagebase: 0x890000
File size: 430592 bytes
MD5 hash: DBA3E6449E97D4E3DF64527EF7012A10
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET
Reputation: high

Target ID: 8
Start time: 15:26:29
Start date: 21/05/2022
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7c9170000
File size: 625664 bytes
MD5 hash: EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

Target ID: 19
Start time: 15:26:55
Start date: 21/05/2022
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
Wow64 process (32bit): true
Commandline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\yg5wq3iq\yg5wq3iq.cmdline
Imagebase: 0xdd0000
File size: 2170976 bytes
MD5 hash: 350C52F71BDED7B99668585C15D70EEA
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET
Reputation: moderate

Target ID: 20
Start time: 15:26:59
Start date: 21/05/2022
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
Wow64 process (32bit): true
Commandline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES3439.tmp" "c:\Users\user\AppData\Local\Temp\yg5wq3iq\CSC2B87B97A30754CA98C52C2EC748AF94C.TMP"
Imagebase: 0x140000
File size: 43176 bytes
MD5 hash: C09985AE74F0882F208D75DE27770DFA
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: moderate

No disassembly