Windows Analysis Report
Confirm Me.exe

Overview

General Information

Sample name: Confirm Me.exe
Analysis ID: 1526550
MD5: 9e1f57731569a5ccbd7526f3ae1c4b50
SHA1: 1c7915b594ea634885c57c2281a8ce77483f1961
SHA256: f659219bbbb50593d0cd629ccf48faca878b444162b14863854480a7c9289266
Tags: exe, user-JolefanM

Detection

STRRAT
Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected STRRAT
AI detected suspicious sample
Connects to a pastebin service (likely for C&C)
Found API chain indicative of debugger detection
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after checking a module file name)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

AV Detection

Source: Submitted Sample Integrated Neural Analysis Model: Matched 97.0% probability
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6ADD24F0 CryptReleaseContext, 4_2_6ADD24F0
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6ADD16EE _Java_sun_security_mscapi_Key_cleanUp@24,CryptDestroyKey,CryptReleaseContext, 4_2_6ADD16EE
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6ADD1CBB _Java_sun_security_mscapi_Key_getKeyType@16,CryptGetKeyParam,sprintf, 4_2_6ADD1CBB
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6ADD26A7 _Java_sun_security_mscapi_RSAPublicKey_getPublicKeyBlob@16,CryptExportKey,CryptExportKey,GetLastError,??2@YAPAXI@Z,CryptExportKey, 4_2_6ADD26A7
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6ADD1C59 _Java_sun_security_mscapi_Key_getContainerName@16,CryptGetProvParam, 4_2_6ADD1C59
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6ADD2274 _Java_sun_security_mscapi_KeyStore_destroyKeyContainer@12,CryptAcquireContextA,GetLastError, 4_2_6ADD2274
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6ADD120D _Java_sun_security_mscapi_PRNG_generateSeed@16,CryptAcquireContextA,GetLastError,CryptGenRandom,GetLastError,??2@YAPAXI@Z,CryptGenRandom,GetLastError,CryptGenRandom, 4_2_6ADD120D
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6ADD2423 _Java_sun_security_mscapi_RSACipher_getKeyFromCert@20,CryptAcquireCertificatePrivateKey,GetLastError,CryptGetUserKey,CryptAcquireContextA,CryptAcquireContextA,CryptAcquireContextA,CryptImportPublicKeyInfo,GetLastError, 4_2_6ADD2423
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6ADD2BF6 _Java_sun_security_mscapi_KeyStore_storePrivateKey@20,CryptAcquireContextA,GetLastError,CryptImportKey, 4_2_6ADD2BF6
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6ADD13AC _Java_sun_security_mscapi_KeyStore_loadKeysOrCertificateChains@12,CertOpenSystemStoreA,GetLastError,CertEnumCertificatesInStore,CryptAcquireCertificatePrivateKey,CryptGetUserKey,CryptReleaseContext,CryptSetKeyParam,CertGetPublicKeyLength,CertGetNameStringA,??2@YAPAXI@Z,CertGetNameStringA,CryptGetKeyParam,CertFreeCertificateChain, 4_2_6ADD13AC
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6ADD1B50 _Java_sun_security_mscapi_RSAKeyPairGenerator_generateRSAKeyPair@16,CryptAcquireContextA,CryptAcquireContextA,CryptAcquireContextA,GetLastError,CryptGenKey, 4_2_6ADD1B50
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6ADD1D4B _Java_sun_security_mscapi_KeyStore_storeCertificate@40,CertOpenSystemStoreA,??2@YAPAXI@Z,CertCreateCertificateContext,GetLastError,??2@YAPAXI@Z,memcpy,CertSetCertificateContextProperty,CryptGetProvParam,CryptGetProvParam,??2@YAPAXI@Z,CryptGetProvParam,??2@YAPAXI@Z,mbstowcs,CryptGetProvParam,??2@YAPAXI@Z,CryptGetProvParam,??2@YAPAXI@Z,mbstowcs,CryptGetProvParam,CryptGetKeyParam,CertSetCertificateContextProperty,CertAddCertificateContextToStore,GetLastError, 4_2_6ADD1D4B
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6ADD1968 _Java_sun_security_mscapi_RSASignature_verifySignedHash@44,__except_handler4,CryptCreateHash,CryptGetProvParam,CryptAcquireContextA,GetLastError,CryptCreateHash,??2@YAPAXI@Z,??2@YAPAXI@Z,CryptSetHashParam,CryptVerifySignatureA, 4_2_6ADD1968
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6ADD256A _Java_sun_security_mscapi_RSACipher_encryptDecrypt@28,??2@YAPAXI@Z,CryptEncrypt,GetLastError,CryptDecrypt, 4_2_6ADD256A
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6ADD1363 ??3@YAXPAX@Z,CryptReleaseContext, 4_2_6ADD1363
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6ADD1719 _Java_sun_security_mscapi_RSASignature_signHash@40,__except_handler4,CryptCreateHash,CryptCreateHash,CryptGetProvParam,CryptAcquireContextA,GetLastError,CryptCreateHash,??2@YAPAXI@Z,CryptSetHashParam,CryptGetKeyParam,CryptSignHashA,CryptSignHashA,??2@YAPAXI@Z,CryptSignHashA, 4_2_6ADD1719
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6ADD1B16 ??3@YAXPAX@Z,??3@YAXPAX@Z,CryptDestroyHash,CryptReleaseContext, 4_2_6ADD1B16
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6ADD2500 _Java_sun_security_mscapi_KeyStore_getKeyLength@16,CryptGetKeyParam,GetLastError, 4_2_6ADD2500
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6ADD192E ??3@YAXPAX@Z,??3@YAXPAX@Z,CryptDestroyHash,CryptReleaseContext, 4_2_6ADD192E
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6ADD2D25 _Java_sun_security_mscapi_RSASignature_importPublicKey@16,CryptAcquireContextA,CryptAcquireContextA,CryptAcquireContextA,GetLastError,CryptImportKey, 4_2_6ADD2D25
Source: Confirm Me.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\README.txt
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\THIRDPARTYLICENSEREADME.txt
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe File opened: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\msvcr100.dll
Source: unknown HTTPS traffic detected: 104.20.3.235:443 -> 192.168.2.5:49778 version: TLS 1.2
Source: Confirm Me.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libt2k\t2k.pdb source: t2k.dll.0.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjli\jli.pdb source: Confirm Me.exe, 00000000.00000003.2164017536.0000000002775000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjavaaccessbridge\JavaAccessBridge.pdb source: Confirm Me.exe, 00000000.00000003.2105009235.0000000002772000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libinstrument\instrument.pdb source: Confirm Me.exe, 00000000.00000003.2122874503.0000000002779000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\eula\obj\eula.pdb source: Confirm Me.exe, 00000000.00000003.2112822739.000000000277E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\jre-image\bin\javaws.pdb source: Confirm Me.exe, 00000000.00000003.2133969187.000000000277B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjawtaccessbridge-32\JAWTAccessBridge-32.pdb source: Confirm Me.exe, 00000000.00000003.2102696019.0000000002770000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libwindowsaccessbridge\WindowsAccessBridge.pdb source: Confirm Me.exe, 00000000.00000003.2106535004.0000000002772000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libj2pkcs11\j2pkcs11.pdb source: Confirm Me.exe, 00000000.00000003.2123933808.0000000002770000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libwindowsaccessbridge-32\WindowsAccessBridge-32.pdb source: Confirm Me.exe, 00000000.00000003.2105820893.0000000002778000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libj2pcsc\j2pcsc.pdb source: Confirm Me.exe, 00000000.00000003.2123475901.000000000277F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\orbd_objs\orbd.pdb source: Confirm Me.exe, 00000000.00000003.2185814089.0000000002771000.00000004.00000020.00020000.00000000.sdmp, orbd.exe.0.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjava_crw_demo\java_crw_demo.pdb98 source: Confirm Me.exe, 00000000.00000003.2128456389.000000000277B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\rmid_objs\rmid.pdb source: Confirm Me.exe, 00000000.00000003.2190587949.0000000002775000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libsplashscreen\splashscreen.pdb source: Confirm Me.exe, 00000000.00000003.2192528718.0000000002771000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjavaaccessbridge-32\JavaAccessBridge-32.pdb) source: Confirm Me.exe, 00000000.00000003.2103954291.0000000002774000.00000004.00000020.00020000.00000000.sdmp, JavaAccessBridge-32.dll.0.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\keytool_objs\keytool.pdb source: Confirm Me.exe, 00000000.00000003.2174055178.000000000277C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjavaaccessbridge-32\JavaAccessBridge-32.pdb source: Confirm Me.exe, 00000000.00000003.2103954291.0000000002774000.00000004.00000020.00020000.00000000.sdmp, JavaAccessBridge-32.dll.0.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjsound\jsound.pdbIC source: Confirm Me.exe, 00000000.00000003.2171101964.0000000002776000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\jp2ssv\obj\jp2ssv.pdb source: Confirm Me.exe, 00000000.00000003.2168135670.000000000277C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\kinit_objs\kinit.pdb source: Confirm Me.exe, 00000000.00000003.2175087733.0000000002779000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libnio\nio.pdbic source: Confirm Me.exe, 00000000.00000003.2184692925.000000000277B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2374873004.000000006E087000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libnpt\npt.pdb source: Confirm Me.exe, 00000000.00000003.2185154882.0000000002775000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libfontmanager\fontmanager.pdb@ source: Confirm Me.exe, 00000000.00000003.2113767019.000000000277B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libawt\awt.pdb source: Confirm Me.exe, 00000000.00000003.2108436357.000000000277D000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2371623832.000000006B409000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libdcpr\dcpr.pdb source: Confirm Me.exe, 00000000.00000003.2109755976.000000000277B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libhprof_jvmti\hprof.pdb source: Confirm Me.exe, 00000000.00000003.2122048543.0000000002773000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjdwp\jdwp.pdbI source: Confirm Me.exe, 00000000.00000003.2135311826.000000000277A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\jjs_objs\jjs.pdb source: Confirm Me.exe, 00000000.00000003.2162903936.000000000277E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\servertool_objs\servertool.pdb source: Confirm Me.exe, 00000000.00000003.2191839179.0000000002777000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\hotspot\windows_i486_compiler1\product\jvm.pdb source: javaw.exe, 00000004.00000002.2373624509.000000006C351000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\eula\obj\eula.pdb0 source: Confirm Me.exe, 00000000.00000003.2112822739.000000000277E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libnio\nio.pdb source: Confirm Me.exe, 00000000.00000003.2184692925.000000000277B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2374873004.000000006E087000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\jp2iexp\obj\jp2iexp.pdb source: Confirm Me.exe, 00000000.00000003.2164971000.0000000002778000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: msvcr120.i386.pdb source: Confirm Me.exe, 00000000.00000003.2183367662.0000000002777000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2372853891.000000006BF41000.00000020.00000001.01000000.0000000E.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libdt_socket\dt_socket.pdb source: Confirm Me.exe, 00000000.00000003.2112138274.000000000277D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\javacpl\obj\javacpl.pdb4 source: Confirm Me.exe, 00000000.00000003.2129267673.0000000002778000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\pack200_objs\pack200.pdb source: Confirm Me.exe, 00000000.00000003.2186297923.0000000002778000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: msvcp120.i386.pdb source: Confirm Me.exe, 00000000.00000003.2180498787.0000000002770000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, javaw.exe, 00000004.00000002.2372515366.000000006BEC1000.00000020.00000001.01000000.0000000F.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libdt_shmem\dt_shmem.pdb source: Confirm Me.exe, 00000000.00000003.2111585981.0000000002778000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjfr\jfr.pdb source: Confirm Me.exe, 00000000.00000003.2135890249.000000000277C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjawt\jawt.pdb source: Confirm Me.exe, 00000000.00000003.2134492627.000000000277D000.00000004.00000020.00020000.00000000.sdmp, jawt.dll.0.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\rmiregistry_objs\rmiregistry.pdb source: Confirm Me.exe, 00000000.00000003.2191177168.000000000277A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjaas\jaas_nt.pdb source: Confirm Me.exe, 00000000.00000003.2124549762.0000000002773000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjawtaccessbridge\JAWTAccessBridge.pdb source: Confirm Me.exe, 00000000.00000003.2103096731.0000000002770000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjava_crw_demo\java_crw_demo.pdb source: Confirm Me.exe, 00000000.00000003.2128456389.000000000277B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjava\java.pdb source: Confirm Me.exe, 00000000.00000003.2127170220.0000000002772000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2375058158.000000006E3E3000.00000002.00000001.01000000.0000000A.sdmp, java.dll.0.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjsdt\jsdt.pdb source: Confirm Me.exe, 00000000.00000003.2170077141.000000000277F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjpeg\jpeg.pdb source: Confirm Me.exe, 00000000.00000003.2169273331.0000000002776000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\ktab_objs\ktab.pdb source: Confirm Me.exe, 00000000.00000003.2176475937.0000000002770000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\klist_objs\klist.pdb source: Confirm Me.exe, 00000000.00000003.2175962246.0000000002772000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\javacpl\obj\javacpl.pdb source: Confirm Me.exe, 00000000.00000003.2129267673.0000000002778000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libnet\net.pdb source: Confirm Me.exe, 00000000.00000003.2184133514.0000000002777000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2373233269.000000006C07D000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libbci\bci.pdb source: Confirm Me.exe, 00000000.00000003.2109082232.000000000277E000.00000004.00000020.00020000.00000000.sdmp, bci.dll.0.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libverify\verify.pdb source: javaw.exe, 00000004.00000002.2375515849.000000006F976000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\javacplexec\obj\javacpl.pdb source: Confirm Me.exe, 00000000.00000003.2130000619.0000000002773000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\java_objs\java.pdb source: Confirm Me.exe, 00000000.00000003.2127860611.000000000277E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\jp2iexp\obj\jp2iexp.pdb< source: Confirm Me.exe, 00000000.00000003.2164971000.0000000002778000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\javaw_objs\javaw.pdb source: Confirm Me.exe, 00000000.00000003.2133107806.000000000277A000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, javaw.exe, 00000004.00000002.2349945499.000000000098C000.00000002.00000001.01000000.00000006.sdmp, javaw.exe, 00000004.00000000.2300773769.000000000098C000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libawt\awt.pdb8^DkdwBk source: javaw.exe, 00000004.00000002.2371623832.000000006B409000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\java-rmi_objs\java-rmi.pdb source: Confirm Me.exe, 00000000.00000003.2125754785.000000000277B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\liblcms\lcms.pdb source: Confirm Me.exe, 00000000.00000003.2177737342.000000000277F000.00000004.00000020.00020000.00000000.sdmp, lcms.dll.0.dr
Source: Binary string: msvcr100.i386.pdb source: Confirm Me.exe, 00000000.00000003.2182045877.0000000002770000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2374421523.000000006C461000.00000020.00000001.01000000.00000007.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\ssv\obj\ssv.pdb source: Confirm Me.exe, 00000000.00000003.2193499543.0000000002778000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjdwp\jdwp.pdb source: Confirm Me.exe, 00000000.00000003.2135311826.000000000277A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libzip\zip.pdb source: javaw.exe, 00000004.00000002.2375253895.000000006E4AA000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\javacplexec\obj\javacpl.pdb0 source: Confirm Me.exe, 00000000.00000003.2130000619.0000000002773000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libmlib_image\mlib_image.pdb source: Confirm Me.exe, 00000000.00000003.2179635291.000000000277C000.00000004.00000020.00020000.00000000.sdmp, mlib_image.dll.0.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libsunec\sunec.pdb$ source: javaw.exe, 00000004.00000002.2371383744.000000006ADF3000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libsunec\sunec.pdb source: javaw.exe, 00000004.00000002.2371383744.000000006ADF3000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\jre-image\bin\deploy.pdb source: Confirm Me.exe, 00000000.00000003.2110909639.0000000002770000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\jabswitch\jabswitch.pdb source: Confirm Me.exe, 00000000.00000003.2125094328.0000000002773000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\jp2launcher\obj\jp2launcher.pdbP*A source: Confirm Me.exe, 00000000.00000003.2165813508.0000000002772000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\jre-image\bin\javaws.pdbPfC source: Confirm Me.exe, 00000000.00000003.2133969187.000000000277B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\deploy\tmp\jp2native\obj\jp2native.pdb source: Confirm Me.exe, 00000000.00000003.2166511343.000000000277D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjsound\jsound.pdb source: Confirm Me.exe, 00000000.00000003.2171101964.0000000002776000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjfr\jfr.pdby* source: Confirm Me.exe, 00000000.00000003.2135890249.000000000277C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libjava\java.pdb'% source: Confirm Me.exe, 00000000.00000003.2127170220.0000000002772000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2375058158.000000006E3E3000.00000002.00000001.01000000.0000000A.sdmp, java.dll.0.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libmlib_image\mlib_image.pdb9 source: Confirm Me.exe, 00000000.00000003.2179635291.000000000277C000.00000004.00000020.00020000.00000000.sdmp, mlib_image.dll.0.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\build\windows-i586\jdk\objs\libawt\awt.pdb8^ source: Confirm Me.exe, 00000000.00000003.2108436357.000000000277D000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\Confirm Me.exe Code function: 0_2_00405C4D GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_00405C4D
Source: C:\Users\user\Desktop\Confirm Me.exe Code function: 0_2_00402930 FindFirstFileW, 0_2_00402930
Source: C:\Users\user\Desktop\Confirm Me.exe Code function: 0_2_0040689E FindFirstFileW,FindClose, 0_2_0040689E
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_0097A3A5 __getdrive,FindFirstFileExA,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,_free,___loctotime64_t,_free,__wsopen_s,__fstat64i32,__close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose, 4_2_0097A3A5
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_00975225 FindFirstFileA,FindNextFileA,_strlen,_strlen,_strlen,_memmove,_memmove,FindClose, 4_2_00975225
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe File opened: C:\Users\user\AppData\Roaming\InstallerPDW\jre\
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe File opened: C:\Users\user\AppData\
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe File opened: C:\Users\user\
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe File opened: C:\Users\user\AppData\Roaming\InstallerPDW\
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe File opened: C:\Users\user\AppData\Roaming\InstallerPDW\jre\lib\
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe File opened: C:\Users\user\AppData\Roaming\

Networking

Source: unknown DNS query: name: pastebin.com
Source: Joe Sandbox View IP Address: 104.20.3.235
Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS
Source: Joe Sandbox View JA3 fingerprint: 2db6873021f2a95daa7de0d93a1d1bf2
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: pastebin.com
Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/jaxp/xpath/dom;l
Source: Confirm Me.exe, 00000000.00000003.2135311826.000000000277A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/products/jpda
Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/dom/properties/
Source: javaw.exe, 00000004.00000002.2361017795.0000000014DA6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/dom/properties/ancestor-check
Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2350571854.0000000002687000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/jaxp/properties/
Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaLanguage
Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaLanguage=
Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaSource
Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/jaxp/properties/schemaSource;
Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/schema/features/
Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/schema/features/)
Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2350571854.0000000002687000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace
Source: javaw.exe, 00000004.00000002.2350571854.0000000002687000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/schema/features/report-ignored-element-content-whitespace3
Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/stream/properties/
Source: javaw.exe, 00000004.00000002.2361017795.0000000014C9B000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2356527969.000000000A46F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/stream/properties/ignore-external-dtd
Source: javaw.exe, 00000004.00000002.2361017795.0000000014C9B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/stream/properties/ignore-external-dtd9
Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/stream/properties/reader-in-defined-state
Source: javaw.exe, 00000004.00000002.2361017795.0000000014DA6000.00000004.00000020.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2356527969.000000000A46F000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/xml/stream/properties/report-cdata-event
Source: Confirm Me.exe, 00000000.00000003.2114974237.0000000002775000.00000004.00000020.00020000.00000000.sdmp, fxplugins.dll.0.dr String found in binary or memory: http://javafx.com/
Source: javaw.exe, 00000004.00000002.2356527969.000000000A2B7000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://javafx.com/fxml/1
Source: javaw.exe, 00000004.00000002.2356527969.000000000A2B7000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://javafx.com/javafx/8
Source: Confirm Me.exe, 00000000.00000003.2114974237.0000000002775000.00000004.00000020.00020000.00000000.sdmp, fxplugins.dll.0.dr String found in binary or memory: http://javafx.com/vp6decoderflvdemux
Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.XMLConstants/feature/secure-processing
Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.XMLConstants/property/
Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalDTD
Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalDTDR
Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalSchema
Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.XMLConstants/property/accessExternalStylesheet
Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.transform.dom.DOMResult/feature
Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.transform.dom.DOMSource/feature
Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.transform.sax.SAXResult/feature#
Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.transform.sax.SAXSource/feature
Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, jfr.jar.0.dr String found in binary or memory: http://javax.xml.transform.sax.SAXTransformerFactory/feature
Source: javaw.exe, 00000004.00000002.2356527969.000000000A1F1000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.transform.sax.SAXTransformerFactory/feature/xmlfilter
Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.transform.sax.SAXTransformerFactory/feature0
Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.transform.stax.StAXResult/feature
Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.transform.stax.StAXSource/feature
Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.transform.stax.StAXSource/feature#
Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.transform.stream.StreamResult/feature8
Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.transform.stream.StreamSource/feature
Source: javaw.exe, 00000004.00000002.2362196887.00000000153C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://javax.xml.transform.stream.StreamSource/feature6
Source: Confirm Me.exe, 00000000.00000003.2073310506.0000000002778000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: Confirm Me.exe String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: javaw.exe, 00000004.00000002.2356527969.000000000A7D5000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2364658631.000000001644C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://null.sun.com/
Source: Confirm Me.exe, 00000000.00000002.2302744590.000000000040C000.00000004.00000001.01000000.00000003.sdmp String found in binary or memory: http://ocsp.example.net:80
Source: Confirm Me.exe, 00000000.00000003.2176475937.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2136680918.000000000277F000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110297857.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2162903936.000000000277E000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133107806.000000000277A000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2175962246.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2135890249.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2113767019.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133969187.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2192528718.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2189482672.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2103954291.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2179635291.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2190020253.0000000002776000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2178477314.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2108436357.000000000277D000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2124549762.0000000002773000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110909639.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2105820893.0000000002778000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 
00000000.00000003.2188672907.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2185154882.0000000002775000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.thawte.com0
Source: javaw.exe, 00000004.00000002.2373624509.000000006C351000.00000002.00000001.01000000.00000008.sdmp String found in binary or memory: http://openjdk.java.net/jeps/220).
Source: Confirm Me.exe, 00000000.00000003.2072751855.0000000002770000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://oss.oracle.com/projects/gstreamer-mods/
Source: Confirm Me.exe, 00000000.00000003.2072751855.0000000002770000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://oss.oracle.com/projects/webkit-java-mods/
Source: javaw.exe, 00000004.00000002.2356527969.000000000A7D5000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2356527969.000000000A6AC000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://policy.camerfirma.com
Source: javaw.exe, 00000004.00000002.2356527969.000000000A7D5000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2356527969.000000000A6AC000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://policy.camerfirma.com0
Source: javaw.exe, 00000004.00000002.2356527969.000000000A7D5000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://policy.camerfirma.comC
Source: Confirm Me.exe, 00000000.00000003.2073310506.0000000002778000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://relaxngcc.sf.net/).
Source: javaw.exe, 00000004.00000002.2356527969.000000000A7D5000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2356527969.000000000A5E8000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2356527969.000000000A6AC000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://repository.swisssign.com/
Source: javaw.exe, 00000004.00000002.2356527969.000000000A7D5000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2356527969.000000000A5E8000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2356527969.000000000A6AC000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://repository.swisssign.com/0
Source: javaw.exe, 00000004.00000002.2356527969.000000000A7D5000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://repository.swisssign.com/C
Source: Confirm Me.exe, 00000000.00000003.2176475937.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2136680918.000000000277F000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110297857.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2162903936.000000000277E000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133107806.000000000277A000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2175962246.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2135890249.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2113767019.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133969187.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2192528718.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2189482672.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2103954291.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2179635291.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2190020253.0000000002776000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2178477314.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2108436357.000000000277D000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2124549762.0000000002773000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110909639.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2105820893.0000000002778000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 
00000000.00000003.2188672907.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2185154882.0000000002775000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: Confirm Me.exe, 00000000.00000003.2176475937.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2136680918.000000000277F000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110297857.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2162903936.000000000277E000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133107806.000000000277A000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2175962246.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2135890249.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2113767019.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133969187.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2192528718.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2189482672.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2103954291.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2179635291.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2190020253.0000000002776000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2178477314.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2108436357.000000000277D000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2124549762.0000000002773000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110909639.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2105820893.0000000002778000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 
00000000.00000003.2188672907.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2185154882.0000000002775000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://s2.symcb.com0
Source: Confirm Me.exe, 00000000.00000003.2072751855.0000000002770000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://search.msn.com/docs/siteowner.aspx.
Source: javaw.exe, 00000004.00000002.2356527969.000000000A5E8000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://site.com/
Source: Confirm Me.exe, 00000000.00000003.2176475937.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2136680918.000000000277F000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110297857.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2162903936.000000000277E000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133107806.000000000277A000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2175962246.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2135890249.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2113767019.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133969187.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2192528718.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2189482672.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2103954291.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2179635291.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2190020253.0000000002776000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2178477314.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2108436357.000000000277D000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2124549762.0000000002773000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110909639.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2105820893.0000000002778000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 
00000000.00000003.2188672907.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2185154882.0000000002775000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://sv.symcb.com/sv.crl0f
Source: Confirm Me.exe, 00000000.00000003.2176475937.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2136680918.000000000277F000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110297857.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2162903936.000000000277E000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133107806.000000000277A000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2175962246.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2135890249.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2113767019.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133969187.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2192528718.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2189482672.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2103954291.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2179635291.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2190020253.0000000002776000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2178477314.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2108436357.000000000277D000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2124549762.0000000002773000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110909639.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2105820893.0000000002778000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 
00000000.00000003.2188672907.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2185154882.0000000002775000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://sv.symcb.com/sv.crt0
Source: Confirm Me.exe, 00000000.00000003.2176475937.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2136680918.000000000277F000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110297857.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2162903936.000000000277E000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133107806.000000000277A000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2175962246.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2135890249.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2113767019.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133969187.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2192528718.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2189482672.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2103954291.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2179635291.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2190020253.0000000002776000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2178477314.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2108436357.000000000277D000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2124549762.0000000002773000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110909639.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2105820893.0000000002778000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 
00000000.00000003.2188672907.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2185154882.0000000002775000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://sv.symcd.com0&
Source: Confirm Me.exe, 00000000.00000003.2073310506.0000000002778000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://tartarus.org/~martin/PorterStemmer
Source: javaw.exe, 00000004.00000002.2356527969.000000000A7D5000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2356527969.000000000A6AC000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl
Source: javaw.exe, 00000004.00000002.2356527969.000000000A7D5000.00000004.00001000.00020000.00000000.sdmp, javaw.exe, 00000004.00000002.2356527969.000000000A6AC000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crl0
Source: javaw.exe, 00000004.00000002.2356527969.000000000A7D5000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://trustcenter-crl.certificat2.com/Keynectis/KEYNECTIS_ROOT_CA.crls
Source: Confirm Me.exe, 00000000.00000003.2176475937.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2136680918.000000000277F000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110297857.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2162903936.000000000277E000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133107806.000000000277A000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2175962246.0000000002772000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2135890249.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2113767019.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2133969187.000000000277B000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2192528718.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2189482672.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2103954291.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2179635291.000000000277C000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2190020253.0000000002776000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2178477314.0000000002774000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2108436357.000000000277D000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2124549762.0000000002773000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2110909639.0000000002770000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2105820893.0000000002778000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 
00000000.00000003.2188672907.0000000002771000.00000004.00000020.00020000.00000000.sdmp, Confirm Me.exe, 00000000.00000003.2185154882.0000000002775000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: javaw.exe, 00000004.00000002.2356527969.000000000A6AC000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://pastebin.com/raw/WhdMR234
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown HTTPS traffic detected: 104.20.3.235:443 -> 192.168.2.5:49778 version: TLS 1.2
Source: C:\Users\user\Desktop\Confirm Me.exe Code function: 0_2_00405705 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard, 0_2_00405705
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6B3F6800 GetKeyboardState, 4_2_6B3F6800
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6ADD2BF6 _Java_sun_security_mscapi_KeyStore_storePrivateKey@20,CryptAcquireContextA,GetLastError,CryptImportKey, 4_2_6ADD2BF6
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6ADD2D25 _Java_sun_security_mscapi_RSASignature_importPublicKey@16,CryptAcquireContextA,CryptAcquireContextA,CryptAcquireContextA,GetLastError,CryptImportKey, 4_2_6ADD2D25
Source: C:\Users\user\Desktop\Confirm Me.exe Code function: 0_2_0040351C EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,ExitProcess,CoUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_0040351C
Source: Confirm Me.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engine Classification label: mal60.troj.evad.winEXE@5/218@1/1
Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Code function: 3_2_00401ED0 GetLastError,puts,ShellExecuteA,printf,fclose,MessageBoxA,FormatMessageA,strlen,strcat,LocalFree,fprintf,fprintf,fprintf, 3_2_00401ED0
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6ADD22F9 _Java_sun_security_mscapi_RSACipher_findCertificateUsingAlias@16,CertOpenSystemStoreA,GetLastError,CertGetNameStringA,CertEnumCertificatesInStore,CertGetNameStringA,??2@YAPAXI@Z,CertGetNameStringA,strcmp,??3@YAXPAX@Z,??3@YAXPAX@Z, 4_2_6ADD22F9
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6ADD20B5 _Java_sun_security_mscapi_KeyStore_removeCertificate@24,CertOpenSystemStoreA,??2@YAPAXI@Z,CertCreateCertificateContext,GetLastError,CertFindCertificateInStore,CertGetNameStringA,CertGetNameStringA,??2@YAPAXI@Z,CertGetNameStringA,strcmp,CertDeleteCertificateFromStore,GetLastError, 4_2_6ADD20B5
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6ADD13AC _Java_sun_security_mscapi_KeyStore_loadKeysOrCertificateChains@12,CertOpenSystemStoreA,GetLastError,CertEnumCertificatesInStore,CryptAcquireCertificatePrivateKey,CryptGetUserKey,CryptReleaseContext,CryptSetKeyParam,CertGetPublicKeyLength,CertGetNameStringA,??2@YAPAXI@Z,CertGetNameStringA,CryptGetKeyParam,CertFreeCertificateChain, 4_2_6ADD13AC
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6ADD1D4B _Java_sun_security_mscapi_KeyStore_storeCertificate@40,CertOpenSystemStoreA,??2@YAPAXI@Z,CertCreateCertificateContext,GetLastError,??2@YAPAXI@Z,memcpy,CertSetCertificateContextProperty,CryptGetProvParam,CryptGetProvParam,??2@YAPAXI@Z,CryptGetProvParam,??2@YAPAXI@Z,mbstowcs,CryptGetProvParam,??2@YAPAXI@Z,CryptGetProvParam,??2@YAPAXI@Z,mbstowcs,CryptGetProvParam,CryptGetKeyParam,CertSetCertificateContextProperty,CertAddCertificateContextToStore,GetLastError, 4_2_6ADD1D4B
Source: C:\Users\user\Desktop\Confirm Me.exe Code function: 0_2_004049B1 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW, 0_2_004049B1
Source: C:\Users\user\Desktop\Confirm Me.exe Code function: 0_2_004021CF CoCreateInstance, 0_2_004021CF
Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Code function: 3_2_00404740 FindResourceExA,LoadResource,LockResource,fprintf,FindResourceExA,LoadResource,LockResource,fprintf,strchr,strlen,strcpy,FindResourceExA,LoadResource,LockResource,fprintf,strchr,strlen,strcpy,strncpy,strlen,strcat,strncpy,strlen,strcat,FindResourceExA,LoadResource,LockResource,atoi,SetLastError,SetLastError,SetLastError,strcpy,fprintf,FindResourceExA,LoadResource,LockResource,atoi,strcpy,fprintf,fprintf,SetLastError,SetLastError,fprintf, 3_2_00404740
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Mutant created: NULL
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Local\Temp\nszF341.tmp
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Command line argument: 1.8 4_2_00971000
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Command line argument: 1.8.0_101-b13 4_2_00971000
Source: Confirm Me.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Confirm Me.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\Confirm Me.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: javaw.exe String found in binary or memory: sun/launcher/LauncherHelper
Source: javaw.exe String found in binary or memory: -help
Source: C:\Users\user\Desktop\Confirm Me.exe File read: C:\Users\user\Desktop\Confirm Me.exe
Source: unknown Process created: C:\Users\user\Desktop\Confirm Me.exe "C:\Users\user\Desktop\Confirm Me.exe"
Source: C:\Users\user\Desktop\Confirm Me.exe Process created: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe C:\Users\user\AppData\Roaming\InstallerPDW\install.exe
Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Process created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe "C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "jre\.;jre\..;jre\asm-all.jar;jre\bin;jre\COPYRIGHT;jre\dn-compiled-module.jar;jre\dn-php-sdk.jar;jre\gson.jar;jre\jphp-app-framework.jar;jre\jphp-core.jar;jre\jphp-desktop-ext.jar;jre\jphp-gui-ext.jar;jre\jphp-json-ext.jar;jre\jphp-runtime.jar;jre\jphp-xml-ext.jar;jre\jphp-zend-ext.jar;jre\jphp-zip-ext.jar;jre\lib;jre\LICENSE;jre\README.txt;jre\release;jre\slf4j-api.jar;jre\slf4j-simple.jar;jre\THIRDPARTYLICENSEREADME-JAVAFX.txt;jre\THIRDPARTYLICENSEREADME.txt;jre\Welcome.html;jre\zt-zip.jar" org.develnext.jphp.ext.javafx.FXLauncher
Source: C:\Users\user\Desktop\Confirm Me.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: Confirm Me.exe Static file information: File size 48457393 > 1048576
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe File opened: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\msvcr100.dll
Source: Confirm Me.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_00974DC6 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress, 4_2_00974DC6
Source: jfxwebkit.dll.0.dr Static PE information: section name: .unwante
Source: prism_sw.dll.0.dr Static PE information: section name: _RDATA
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_0098F4AD pushad ; ret 4_2_0098F4AE
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_0098F8EC push cs; iretd 4_2_0098F9C2
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_0098F9EE push cs; iretd 4_2_0098F9C2
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_0098FB9E push ebx; ret 4_2_0098FB9F
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_0097DB85 push ecx; ret 4_2_0097DB98
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_009807ED push edi; ret 4_2_009807EE
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6ADD2EB5 push ecx; ret 4_2_6ADD2EC8
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6ADF23F5 push ecx; ret 4_2_6ADF2408
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6B4048B5 push ecx; ret 4_2_6B4048C8
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6B404026 push ecx; ret 4_2_6B404039
Source: msvcr100.dll.0.dr Static PE information: section name: .text entropy: 6.90903234258047
Source: msvcr100.dll0.0.dr Static PE information: section name: .text entropy: 6.90903234258047
Source: msvcr120.dll.0.dr Static PE information: section name: .text entropy: 6.95576372950548
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JAWTAccessBridge-32.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\lcms.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\msvcr100.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\npt.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\kcms.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\fontmanager.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jfxwebkit.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jli.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\kinit.exe
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jp2iexp.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\verify.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dt_socket.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\bci.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jp2native.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jfr.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dt_shmem.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\rmiregistry.exe
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jawt.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java_crw_demo.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\prism_sw.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javacpl.cpl
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javafx_font.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\sunmscapi.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\nio.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\servertool.exe
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\net.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\policytool.exe
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\zip.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\WindowsAccessBridge.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jabswitch.exe
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaws.exe
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\ssvagent.exe
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jfxmedia.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\fxplugins.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\wsdetect.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dcpr.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\ssv.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\WindowsAccessBridge-32.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javacpl.exe
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jp2ssv.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\glib-lite.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\tnameserv.exe
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\gstreamer-lite.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\deploy.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\awt.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\prism_d3d.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\sunec.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\decora_sse.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\splashscreen.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jp2launcher.exe
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\orbd.exe
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\j2pcsc.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javafx_iio.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jdwp.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jsoundds.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\msvcr120.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\plugin2\npjp2.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\klist.exe
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\keytool.exe
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\rmid.exe
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\management.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\msvcp120.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dtplugin\npdeployJava1.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\glass.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java.exe
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jaas_nt.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JavaAccessBridge-32.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\mlib_image.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\t2k.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\hprof.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\prism_common.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jsdt.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\unpack200.exe
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\unpack.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\ktab.exe
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\w2k_lsa_auth.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\instrument.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javafx_font_t2k.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\j2pkcs11.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\client\jvm.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\resource.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JavaAccessBridge.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jjs.exe
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\eula.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JAWTAccessBridge.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\pack200.exe
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jsound.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jpeg.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java-rmi.exe
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\plugin2\msvcr100.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dtplugin\deployJava1.dll
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\README.txt
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt
Source: C:\Users\user\Desktop\Confirm Me.exe File created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\THIRDPARTYLICENSEREADME.txt
Source: C:\Users\user\Desktop\Confirm Me.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6B36AD60 rdtsc 4_2_6B36AD60
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JAWTAccessBridge-32.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\msvcr100.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\lcms.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\npt.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\kcms.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jli.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jfxwebkit.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\fontmanager.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\kinit.exe
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jp2iexp.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\verify.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\bci.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dt_socket.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jp2native.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jfr.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dt_shmem.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\rmiregistry.exe
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jawt.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java_crw_demo.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\prism_sw.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javacpl.cpl
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javafx_font.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\sunmscapi.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\nio.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\servertool.exe
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\net.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\policytool.exe
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\WindowsAccessBridge.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\zip.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jabswitch.exe
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaws.exe
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\ssvagent.exe
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jfxmedia.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\fxplugins.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\wsdetect.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dcpr.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\ssv.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javacpl.exe
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\WindowsAccessBridge-32.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jp2ssv.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\tnameserv.exe
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\glib-lite.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\gstreamer-lite.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\deploy.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\awt.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\prism_d3d.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\sunec.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\decora_sse.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\splashscreen.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jp2launcher.exe
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\orbd.exe
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javafx_iio.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\j2pcsc.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jdwp.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jsoundds.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\msvcr120.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\plugin2\npjp2.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\klist.exe
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\keytool.exe
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\rmid.exe
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\msvcp120.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\management.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dtplugin\npdeployJava1.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\glass.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java.exe
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jaas_nt.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\t2k.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\mlib_image.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JavaAccessBridge-32.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\prism_common.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\hprof.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jsdt.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\unpack200.exe
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\unpack.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\ktab.exe
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\w2k_lsa_auth.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\instrument.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javafx_font_t2k.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\j2pkcs11.dll
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\client\jvm.dll Jump to dropped file
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\resource.dll Jump to dropped file
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JavaAccessBridge.dll Jump to dropped file
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jjs.exe Jump to dropped file
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\eula.dll Jump to dropped file
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\JAWTAccessBridge.dll Jump to dropped file
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\pack200.exe Jump to dropped file
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jsound.dll Jump to dropped file
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\jpeg.dll Jump to dropped file
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\java-rmi.exe Jump to dropped file
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\dtplugin\deployJava1.dll Jump to dropped file
Source: C:\Users\user\Desktop\Confirm Me.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\plugin2\msvcr100.dll Jump to dropped file
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe API coverage: 1.8 %
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6B3C4604 GetKeyboardLayout followed by cmp: cmp ax, cx and CTI: jne 6B3C4627h 4_2_6B3C4604
Source: C:\Users\user\Desktop\Confirm Me.exe Code function: 0_2_00405C4D GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_00405C4D
Source: C:\Users\user\Desktop\Confirm Me.exe Code function: 0_2_00402930 FindFirstFileW, 0_2_00402930
Source: C:\Users\user\Desktop\Confirm Me.exe Code function: 0_2_0040689E FindFirstFileW,FindClose, 0_2_0040689E
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_0097A3A5 __getdrive,FindFirstFileExA,__wfullpath_helper,_strlen,_IsRootUNCName,GetDriveTypeA,_free,___loctotime64_t,_free,__wsopen_s,__fstat64i32,__close,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FileTimeToLocalFileTime,FileTimeToSystemTime,___loctotime64_t,FindClose,___dtoxmode,GetLastError,__dosmaperr,FindClose, 4_2_0097A3A5
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_00975225 FindFirstFileA,FindNextFileA,_strlen,_strlen,_strlen,_memmove,_memmove,FindClose, 4_2_00975225
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe File opened: C:\Users\user\AppData\Roaming\InstallerPDW\jre\
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe File opened: C:\Users\user\AppData\
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe File opened: C:\Users\user\
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe File opened: C:\Users\user\AppData\Roaming\InstallerPDW\
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe File opened: C:\Users\user\AppData\Roaming\InstallerPDW\jre\lib\
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe File opened: C:\Users\user\AppData\Roaming\
Source: javaw.exe, 00000004.00000002.2373624509.000000006C351000.00000002.00000001.01000000.00000008.sdmp Binary or memory string: l{constant pool}code cache C-heap hand metaspace chunks dict zone strs syms heap threads [Verifying Genesis-2147483648Unable to link/verify Finalizer.register methodUnable to link/verify ClassLoader.addClass methodProtectionDomain.impliesCreateAccessControlContext() has the wrong linkageUnable to link/verify Unsafe.throwIllegalAccessError methodJava heap space: failed reallocation of scalar replaced objectsGC overhead limit exceededRequested array size exceeds VM limitCompressed class spaceJava heap spaceUnable to link/verify VirtualMachineError classC:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\hotspot\src\share\vm\oops\arrayKlass.cpp[]guarantee(component_mirror()->klass() != NULL) failedshould have a classC:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\hotspot\src\share\vm\gc_interface/collectedHeap.inline.hpp - length: %dguarantee(a->length() >= 0) failedarray with negative length?guarantee(obj->is_array()) failedmust be arrayshould be klassguarantee(is_constantPool()) failedvtable restored by this call<pseudo-string> cache=0x%08x (extra) for /operands[%d]/preresolutionconstant pool [%d]A constant pool lockC:\re\workspace\8-2-build-windows-i586-cygwin\jdk8u101\7261\hotspot\src\share\vm\oops\constantPool.cppguarantee(!ConstantPool::is_invokedynamic_index(which)) failedan invokedynamic instruction does not have a klassRESOLVE %s %s
Source: javaw.exe, 00000004.00000003.2301973931.0000000014C6E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: com/sun/corba/se/impl/util/SUNVMCID.classPK
Source: javaw.exe, 00000004.00000002.2373624509.000000006C351000.00000002.00000001.01000000.00000008.sdmp, classlist.0.dr Binary or memory string: java/lang/VirtualMachineError
Source: javaw.exe, 00000004.00000002.2373624509.000000006C351000.00000002.00000001.01000000.00000008.sdmp Binary or memory string: Unable to link/verify VirtualMachineError class
Source: Confirm Me.exe, 00000000.00000003.2135311826.000000000277A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: JVM version %s (%s, %s)<unknown>VirtualMachineImpl.cRedefineClassesGetTopThreadGroupsJNI_FALSENewStringUTF;DeleteWeakGlobalRefsignature bagsignaturesclassTrack.cloaded classesclassTrack tableNewWeakGlobalRefsignatureKlassNodeAttempting to insert duplicate classloaded classes arraySetTagcommonRef.cDeleteGlobalRefFreeing %d (%x)
Source: Confirm Me.exe, 00000000.00000003.2135311826.000000000277A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VirtualMachineImpl.c
Source: javaw.exe, 00000004.00000003.2301973931.0000000014C6E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: org/omg/CORBA/OMGVMCID.classPK
Source: javaw.exe, 00000004.00000002.2350571854.0000000002600000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: cjava/lang/VirtualMachineError
Source: javaw.exe, 00000004.00000002.2350571854.0000000002600000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: t[Ljava/lang/VirtualMachineError;
Source: javaw.exe, 00000004.00000003.2301973931.0000000014C6E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: )Q+com/sun/corba/se/impl/util/SUNVMCID.classPK
Source: javaw.exe, 00000004.00000002.2373624509.000000006C351000.00000002.00000001.01000000.00000008.sdmp Binary or memory string: _well_known_klasses[SystemDictionary::VirtualMachineError_klass_knum]
Source: javaw.exe, 00000004.00000003.2301973931.0000000014C6E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: java/lang/VirtualMachineError.classPK
Source: javaw.exe, 00000004.00000002.2350234267.0000000000D3B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlll
Source: javaw.exe, 00000004.00000002.2350571854.0000000002600000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: lVirtualMachineError.java
Source: C:\Users\user\Desktop\Confirm Me.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe API call chain: ExitProcess graph end node

Anti Debugging

Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Debugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6B36AD60 rdtsc 4_2_6B36AD60
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_0097D15B _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 4_2_0097D15B
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_00974DC6 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress, 4_2_00974DC6
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_00987E87 __lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock, 4_2_00987E87
Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Code function: 3_2_00401150 SetUnhandledExceptionFilter,__getmainargs,_iob,_iob,_setmode,_iob,_iob,_setmode,__p__fmode,__p__environ,_cexit,ExitProcess, 3_2_00401150
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_009796E8 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 4_2_009796E8
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_0097EF37 SetUnhandledExceptionFilter, 4_2_0097EF37
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6ADD2E44 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess, 4_2_6ADD2E44
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6ADF1A72 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess, 4_2_6ADF1A72
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Memory protected: page read and write | page guard
Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Process created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe "C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "jre\.;jre\..;jre\asm-all.jar;jre\bin;jre\COPYRIGHT;jre\dn-compiled-module.jar;jre\dn-php-sdk.jar;jre\gson.jar;jre\jphp-app-framework.jar;jre\jphp-core.jar;jre\jphp-desktop-ext.jar;jre\jphp-gui-ext.jar;jre\jphp-json-ext.jar;jre\jphp-runtime.jar;jre\jphp-xml-ext.jar;jre\jphp-zend-ext.jar;jre\jphp-zip-ext.jar;jre\lib;jre\LICENSE;jre\README.txt;jre\release;jre\slf4j-api.jar;jre\slf4j-simple.jar;jre\THIRDPARTYLICENSEREADME-JAVAFX.txt;jre\THIRDPARTYLICENSEREADME.txt;jre\Welcome.html;jre\zt-zip.jar" org.develnext.jphp.ext.javafx.FXLauncher
Source: C:\Users\user\AppData\Roaming\InstallerPDW\install.exe Process created: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe "c:\users\user\appdata\roaming\installerpdw\jre\bin\javaw.exe" -dfile.encoding=utf-8 -classpath "jre\.;jre\..;jre\asm-all.jar;jre\bin;jre\copyright;jre\dn-compiled-module.jar;jre\dn-php-sdk.jar;jre\gson.jar;jre\jphp-app-framework.jar;jre\jphp-core.jar;jre\jphp-desktop-ext.jar;jre\jphp-gui-ext.jar;jre\jphp-json-ext.jar;jre\jphp-runtime.jar;jre\jphp-xml-ext.jar;jre\jphp-zend-ext.jar;jre\jphp-zip-ext.jar;jre\lib;jre\license;jre\readme.txt;jre\release;jre\slf4j-api.jar;jre\slf4j-simple.jar;jre\thirdpartylicensereadme-javafx.txt;jre\thirdpartylicensereadme.txt;jre\welcome.html;jre\zt-zip.jar" org.develnext.jphp.ext.javafx.fxlauncher
Source: Confirm Me.exe, 00000000.00000003.2110909639.0000000002770000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: [mwndProcID was NULL in mainLoop()wndProc(JIJJ)JNULL != hIcon../../src/common/windows/native/WindowsJavaTrayIcon.cppTrayNotifyWndShell_TrayWndUnable to Start Java Plug-in Control Panel%s\javacpl.exeJava Sys Tray
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: GetLocaleInfoW,_wtoi,GetACP, 4_2_6B3E69B7
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: _Java_sun_awt_windows_WPageDialogPeer__1show@8,__EH_prolog3_catch,memset,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,wcscmp,free,GlobalLock,_control87,_control87,_control87,_control87,GlobalUnlock,_CxxThrowException,GlobalLock,GlobalUnlock, 4_2_6B3EEC97
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_0097F719 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter, 4_2_0097F719
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_0098819A __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,SetOaNoCache, 4_2_0098819A
Source: C:\Users\user\Desktop\Confirm Me.exe Code function: 0_2_0040351C EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,ExitProcess,CoUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_0040351C
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: Yara match File source: Process Memory Space: javaw.exe PID: 6524, type: MEMORYSTR

Remote Access Functionality

Source: Yara match File source: Process Memory Space: javaw.exe PID: 6524, type: MEMORYSTR
Source: C:\Users\user\AppData\Roaming\InstallerPDW\jre\bin\javaw.exe Code function: 4_2_6B368450 ?NotifyAdapterEventListeners@D3DPipelineManager@@SAXIJ@Z,_JNU_GetEnv@8,JNU_CallStaticMethodByName, 4_2_6B368450